openbsd
9 years agoRemove telnet warnings. Civilization has reached a point where they are no
tim [Fri, 9 Oct 2015 21:59:34 +0000 (21:59 +0000)]
Remove telnet warnings. Civilization has reached a point where they are no
longer relevant.

OK millert@

9 years agoThe variable errmsg can be static in main.c if code in re.c uses an own
tobias [Fri, 9 Oct 2015 21:24:05 +0000 (21:24 +0000)]
The variable errmsg can be static in main.c if code in re.c uses an own
buffer to construct error messages.

with input by and ok millert@

9 years agoDefine functions as static when they are not used outside their own c-files.
tobias [Fri, 9 Oct 2015 20:27:28 +0000 (20:27 +0000)]
Define functions as static when they are not used outside their own c-files.

ok millert@

9 years agoUse __progname rather than argv[0]; OK millert@
tim [Fri, 9 Oct 2015 20:24:37 +0000 (20:24 +0000)]
Use __progname rather than argv[0]; OK millert@

9 years agoReplace readpass(3) with readpassphrase(3). This was the only use of
tim [Fri, 9 Oct 2015 20:14:35 +0000 (20:14 +0000)]
Replace readpass(3) with readpassphrase(3). This was the only use of
readpass(3) in base...

OK millert@

9 years agoLexer states are not needed outside of lex.c.
millert [Fri, 9 Oct 2015 19:49:08 +0000 (19:49 +0000)]
Lexer states are not needed outside of lex.c.
From mksh via Michael McConville

9 years agoMark static globals that are only used in their respective .c files.
millert [Fri, 9 Oct 2015 19:47:02 +0000 (19:47 +0000)]
Mark static globals that are only used in their respective .c files.
Also make stdin unbuffered since that is the same as using a
single-byte buffer.  OK tobias@

9 years agoremove null check before afree. from Michael McConville
tedu [Fri, 9 Oct 2015 19:36:27 +0000 (19:36 +0000)]
remove null check before afree. from Michael McConville

9 years agoExit autoinstall in case of an invalid choice.
rpe [Fri, 9 Oct 2015 18:30:54 +0000 (18:30 +0000)]
Exit autoinstall in case of an invalid choice.

OK krw@

9 years agoKeep relayd test certificate names in sync with syslogd.
bluhm [Fri, 9 Oct 2015 17:51:08 +0000 (17:51 +0000)]
Keep relayd test certificate names in sync with syslogd.

9 years agoupon smtpd restart, when scanning the offline queue, unlink 0-sized offline
gilles [Fri, 9 Oct 2015 17:44:25 +0000 (17:44 +0000)]
upon smtpd restart, when scanning the offline queue, unlink 0-sized offline
messages as they are left-overs from an errored enqueue.

ok millert@, ok eric@

9 years agoHave not come up with a great pattern for flock() yet. flock() is permitted
deraadt [Fri, 9 Oct 2015 17:18:20 +0000 (17:18 +0000)]
Have not come up with a great pattern for flock() yet.  flock() is permitted
by "getpw" because libc getpw*/getgr* use open() of /var/run/ypbind.lock plus
flock() to detect YP running.  The kernel observes this dance to "open up" the
YP door (ugliness should drive us to rewrite this mechanism from SunOS later).

however, flock is also used independently.  Current users are
    htpasswd mail skeyinit tmux authpf pwd_mkdb ldapd smtpd ypbind
    login_token mail.local lockspool
Let's enable flock() for "cpath", and see if that helps these programs,
otherwise we'll try "wpath" next.

9 years agoWith nfs spool (fork + seteuid/setuid balony) support gone, it becomes
deraadt [Fri, 9 Oct 2015 17:09:06 +0000 (17:09 +0000)]
With nfs spool (fork + seteuid/setuid balony) support gone, it becomes
possible to pledge "stdio rpath wpath tty proc"
Noone uses this code anymore.  This is a demonstration...

9 years agoremove NFS spool support; it stands in the way of pledge(2)
deraadt [Fri, 9 Oct 2015 17:07:21 +0000 (17:07 +0000)]
remove NFS spool support; it stands in the way of pledge(2)

9 years agoAdd tests for syslogd TLS accept and receive encrypted messages.
bluhm [Fri, 9 Oct 2015 17:07:06 +0000 (17:07 +0000)]
Add tests for syslogd TLS accept and receive encrypted messages.

9 years agoIf syslogd is started with -S, it accepts TLS connections to receive
bluhm [Fri, 9 Oct 2015 16:58:25 +0000 (16:58 +0000)]
If syslogd is started with -S, it accepts TLS connections to receive
encrypted messages.  The server certificates are taken from /etc/ssl
like relayd does.
OK benno@ beck@ deraadt@

9 years agoConvert fgetln(3) to getline(3).
sunil [Fri, 9 Oct 2015 16:47:14 +0000 (16:47 +0000)]
Convert fgetln(3) to getline(3).

Ok eric@ todd@ gilles@

9 years agoA fork(2) is used in ttymsg() to delay the message to a tty if it
bluhm [Fri, 9 Oct 2015 16:44:55 +0000 (16:44 +0000)]
A fork(2) is used in ttymsg() to delay the message to a tty if it
blocks.  Fix the potential syslogd's death, add "proc" to pledge.
OK deraadt@

9 years agocatch up to tame() -> pledge() rename
deraadt [Fri, 9 Oct 2015 16:29:17 +0000 (16:29 +0000)]
catch up to tame() -> pledge() rename

9 years agopare down the readme so as to not imply we are tracking upstream.
tedu [Fri, 9 Oct 2015 16:26:03 +0000 (16:26 +0000)]
pare down the readme so as to not imply we are tracking upstream.
nor do we much care about running this on dec ultrix anymore, etc...
ok deraadt

9 years agoif an error occurs during offline enqueuing after we've dropped group, then
gilles [Fri, 9 Oct 2015 15:09:09 +0000 (15:09 +0000)]
if an error occurs during offline enqueuing after we've dropped group, then
attempt to ftruncate() the fp back to 0.

suggested and ok millert@, ok eric@

9 years agoturn our local enqueuer setgid _smtpq and restrict access to offline queue,
gilles [Fri, 9 Oct 2015 14:37:38 +0000 (14:37 +0000)]
turn our local enqueuer setgid _smtpq and restrict access to offline queue,
the enqueuer will revoke group and regain real gid right after mkstemp.

this would have prevented the symlink/hardlink attacks against offline, and
it will avoid having to deal with new ways users can mess with it.

ok eric@, ok millert@

9 years agoRemove evil hack. I've never seen the printf fire, and xenocara no longer
kettenis [Fri, 9 Oct 2015 13:22:54 +0000 (13:22 +0000)]
Remove evil hack.  I've never seen the printf fire, and xenocara no longer
contains any code that can manipulate the affected register directly.

ok jsg@

9 years agothis cpp operates file using pledge "stdio rpath wpath cpath"
deraadt [Fri, 9 Oct 2015 12:20:18 +0000 (12:20 +0000)]
this cpp operates file using pledge "stdio rpath wpath cpath"

9 years agoTame syslogd privsep child with "stdio rpath unix inet recvfd".
bluhm [Fri, 9 Oct 2015 12:07:32 +0000 (12:07 +0000)]
Tame syslogd privsep child with "stdio rpath unix inet recvfd".
With and OK deraadt@

9 years agooops, snuck into a syscalls sync; spotted by sthen
deraadt [Fri, 9 Oct 2015 11:47:30 +0000 (11:47 +0000)]
oops, snuck into a syscalls sync; spotted by sthen

9 years agoregress pledge
semarie [Fri, 9 Oct 2015 11:42:54 +0000 (11:42 +0000)]
regress pledge

add missing $OpenBSD$ header

9 years agoregress pledge: remove 'regenerate' target
semarie [Fri, 9 Oct 2015 11:38:39 +0000 (11:38 +0000)]
regress pledge: remove 'regenerate' target

9 years agoadd "tty" regress for pledge
semarie [Fri, 9 Oct 2015 11:38:05 +0000 (11:38 +0000)]
add "tty" regress for pledge

9 years agocorrect Xr; from theo buehler
jmc [Fri, 9 Oct 2015 10:13:48 +0000 (10:13 +0000)]
correct Xr; from theo buehler

9 years agoif enhanced status class is not set, enhanced status code is never dumped
gilles [Fri, 9 Oct 2015 09:56:28 +0000 (09:56 +0000)]
if enhanced status class is not set, enhanced status code is never dumped
in disk envelope.

9 years agoAll commands seem to work fine with pledge "stdio" after the connect(),
deraadt [Fri, 9 Oct 2015 07:54:28 +0000 (07:54 +0000)]
All commands seem to work fine with pledge "stdio" after the connect(),
direct source and symbol table inspection suggests it is good.  The same
principle will likely apply to most of our network daemon *ctl programs,
since many are derived from ospfd.  Still, each needs testing.
discussion about network daemons and ctl's has been mostly with renato

9 years agoanother tame(2), spotted by jmc
deraadt [Fri, 9 Oct 2015 07:39:56 +0000 (07:39 +0000)]
another tame(2), spotted by jmc

9 years agoFix line number bug when calling onlywind().
lum [Fri, 9 Oct 2015 07:27:56 +0000 (07:27 +0000)]
Fix line number bug when calling onlywind().

9 years agohook pledge
semarie [Fri, 9 Oct 2015 06:50:01 +0000 (06:50 +0000)]
hook pledge

9 years agofollow tame->pledge in regress
semarie [Fri, 9 Oct 2015 06:44:13 +0000 (06:44 +0000)]
follow tame->pledge in regress

9 years agodo not use weak; plus this dies next week
deraadt [Fri, 9 Oct 2015 06:10:57 +0000 (06:10 +0000)]
do not use weak; plus this dies next week

9 years agoanother stray )
deraadt [Fri, 9 Oct 2015 05:55:58 +0000 (05:55 +0000)]
another stray )

9 years agoshortcircuit TIOCGETA to directly return ENOTTY for non-ttys. It could
deraadt [Fri, 9 Oct 2015 05:30:03 +0000 (05:30 +0000)]
shortcircuit TIOCGETA to directly return ENOTTY for non-ttys.  It could
be called against a non-tty fd, so as to test "is this a tty".  Discovered
by sthen and rob pierce at the same time.

9 years agooops, typo spotted in temporary .c file, by semarie
deraadt [Fri, 9 Oct 2015 04:38:54 +0000 (04:38 +0000)]
oops, typo spotted in temporary .c file, by semarie

9 years agofix a gotcha in the connect refactoring, that could result in dropping
deraadt [Fri, 9 Oct 2015 04:13:34 +0000 (04:13 +0000)]
fix a gotcha in the connect refactoring, that could result in dropping
through and trying to bind failed v6 connects.
ok guenther

9 years agothe ntp engine can run with "stdio inet proc". For many reasons,
deraadt [Fri, 9 Oct 2015 03:54:53 +0000 (03:54 +0000)]
the ntp engine can run with "stdio inet proc".  For many reasons,
including fork/exec cost, it would be better if constraints were
forked from the master process, which would then tell the ntp
engine.  That would increase accuracy and security.
Lots of conversations with reyk and bcook

9 years agoOnce the constraint engine process is running, it only needs
deraadt [Fri, 9 Oct 2015 03:50:40 +0000 (03:50 +0000)]
Once the constraint engine process is running, it only needs
"stdio inet".  It took weeks to get to this point...

9 years agostardate 93370.16: a whitespace appears to have entered our quadrant...
deraadt [Fri, 9 Oct 2015 02:44:22 +0000 (02:44 +0000)]
stardate 93370.16: a whitespace appears to have entered our quadrant...

9 years agomulticast test backwards; noted by renato
deraadt [Fri, 9 Oct 2015 02:36:46 +0000 (02:36 +0000)]
multicast test backwards; noted by renato

9 years agosync
deraadt [Fri, 9 Oct 2015 01:46:27 +0000 (01:46 +0000)]
sync

9 years agoChange all tame callers to namechange to pledge(2).
deraadt [Fri, 9 Oct 2015 01:37:06 +0000 (01:37 +0000)]
Change all tame callers to namechange to pledge(2).

9 years agotame -> pledge.
deraadt [Fri, 9 Oct 2015 01:26:40 +0000 (01:26 +0000)]
tame -> pledge.

9 years agotame -> pledge conversion, in libc. I should crank libc, but am cheating
deraadt [Fri, 9 Oct 2015 01:24:57 +0000 (01:24 +0000)]
tame -> pledge conversion, in libc.  I should crank libc, but am cheating
hoping things go well.  The old symbol is faked via a stupid stub function,
until next major crank when it can be removed.  I am expecting guenther
to scream at me.

9 years agoRename tame() to pledge(). This fairly interface has evolved to be more
deraadt [Fri, 9 Oct 2015 01:17:18 +0000 (01:17 +0000)]
Rename tame() to pledge().  This fairly interface has evolved to be more
strict than anticipated.  It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.

9 years agosync
deraadt [Fri, 9 Oct 2015 01:11:12 +0000 (01:11 +0000)]
sync

9 years agoRename tame() to pledge(). This fairly interface has evolved to be more
deraadt [Fri, 9 Oct 2015 01:10:27 +0000 (01:10 +0000)]
Rename tame() to pledge().  This fairly interface has evolved to be more
strict than anticipated.  It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.

9 years agoAfter replacement alloca() with alloc(), out-of-heap happened when booting
yasuoka [Thu, 8 Oct 2015 22:41:12 +0000 (22:41 +0000)]
After replacement alloca() with alloc(), out-of-heap happened when booting
on a large block size (32K) partition.  Increase the HEAP_LIMIT from
0x90000 to 0xA0000.

try this, deraadt

9 years agoIf getaddrinfo() succeeds, then don't try look ups with other flags, even
guenther [Thu, 8 Oct 2015 20:13:45 +0000 (20:13 +0000)]
If getaddrinfo() succeeds, then don't try look ups with other flags, even
if the connect()s failed.  In concert with some resolver fixes in libc,
this lets ntpd be tame()ed

problem isolated by theo, who had fun untangling the libc and libtls
behaviors to place blame for not being able to tame ntpd

ok beck@ deraadt@ jsing@

9 years agoExpose a small set of multicast join operators under the request "mcast".
deraadt [Thu, 8 Oct 2015 17:29:43 +0000 (17:29 +0000)]
Expose a small set of multicast join operators under the request "mcast".
This will be used by a few daemons.  If they lack this feature, then
they would need to operate without tame.
Discussed with renato

9 years agoadd some tame calls. we may need a bunch of permissions to create files
tedu [Thu, 8 Oct 2015 16:45:50 +0000 (16:45 +0000)]
add some tame calls. we may need a bunch of permissions to create files
and manipulate the tty for readpassphrase, but once we've parsed options
and have some idea of what's going to happen next, we can reduce down
quite a bit more. particular use case of "signify | patch" is limited to
feeding garbage to patch.

9 years agostop trying to gift history files to the original owner. instead, don't
tedu [Thu, 8 Oct 2015 16:41:26 +0000 (16:41 +0000)]
stop trying to gift history files to the original owner. instead, don't
open history files that don't belong to us. probably much safer.
ok deraadt

9 years agoLock the page queues by turning uvm_lock_pageq() and uvm_unlock_pageq() into
kettenis [Thu, 8 Oct 2015 15:58:38 +0000 (15:58 +0000)]
Lock the page queues by turning uvm_lock_pageq() and uvm_unlock_pageq() into
mtx_enter() and mtx_leave() operations.  Not 100% this won't blow up but
there is only one way to find out, and we need this to make progress on
further unlocking uvm.

prodded by deraadt@

9 years agolittle cleanup from Michael McConville, mostly related to stale comments.
tedu [Thu, 8 Oct 2015 15:54:59 +0000 (15:54 +0000)]
little cleanup from Michael McConville, mostly related to stale comments.

9 years agoRefactor fileprefix() and filecopy() to use warn() instead of err()
krw [Thu, 8 Oct 2015 14:50:38 +0000 (14:50 +0000)]
Refactor fileprefix() and filecopy() to use warn() instead of err()
to display error message, and to return error indications (NULL and
-1 respectively).  Use the error indications in write_efisystem()
to unwind in the face of more error conditions. In other cases just
exit(1) to emulation current behaviour.

ok deraadt@

9 years agotame "stdio rpath wpath cpath proc exec". make is a shell, and appears
deraadt [Thu, 8 Oct 2015 14:49:27 +0000 (14:49 +0000)]
tame "stdio rpath wpath cpath proc exec".  make is a shell, and appears
to only need these operations.  Take note that "exec" is a 2-day old
tame request, so do get a new kernel before you update or risk getting
trapped.

9 years ago16 years after E801 memprobe was disabled, probably safe to delete it.
tedu [Thu, 8 Oct 2015 14:46:05 +0000 (14:46 +0000)]
16 years after E801 memprobe was disabled, probably safe to delete it.
ok deraadt jung kettenis ratchov

9 years agoRemove the sc_soft_req_cnt field because the number of tx requests is
visa [Thu, 8 Oct 2015 14:24:32 +0000 (14:24 +0000)]
Remove the sc_soft_req_cnt field because the number of tx requests is
already tracked in sc_sendq. Replace the sc_flush logic with a simple
Fetch-and-Add store that avoids an unnecessary IOBDMA transaction.

ok uebayasi@

9 years agotweak previous;
jmc [Thu, 8 Oct 2015 14:09:34 +0000 (14:09 +0000)]
tweak previous;

9 years agofix conditionals
eric [Thu, 8 Oct 2015 14:08:44 +0000 (14:08 +0000)]
fix conditionals

ok deraadt@

9 years agoportmap's main process can be tame "stdio rpath inet proc"; proc is
deraadt [Thu, 8 Oct 2015 14:02:09 +0000 (14:02 +0000)]
portmap's main process can be tame "stdio rpath inet proc"; proc is
for the callit interface needing to fork, and parent needing to wait.
that child can drop to "stdio rpath inet".

It is possible some libc/rpc codepath has not yet been figured out, but
commiting it is the best way to get it tested. Tested what I could myself,
but noone answered my call for testing...

9 years agoMake sure that when trunk_port_ioctl is called to set a new
mikeb [Thu, 8 Oct 2015 13:58:07 +0000 (13:58 +0000)]
Make sure that when trunk_port_ioctl is called to set a new
lladdr the trunk port is already on the list.

OK mpi

9 years agoHandle case where no hint is passed in. Found as a crash of fdm by jturner@
deraadt [Thu, 8 Oct 2015 13:55:56 +0000 (13:55 +0000)]
Handle case where no hint is passed in.  Found as a crash of fdm by jturner@

9 years agosetsockopt has a small list of options it can set. If we find ourselves
deraadt [Thu, 8 Oct 2015 13:25:04 +0000 (13:25 +0000)]
setsockopt has a small list of options it can set.  If we find ourselves
only in TAME_UNIX, stop trying after servicing SOL_SOCKET.
discussion with claudio

9 years agoOnly in TAME_ROUTE, allow ioctl SIOCGIFADDR/SIOCGIFFLAGS/SIOCGIFRDOMAIN,
deraadt [Thu, 8 Oct 2015 13:21:06 +0000 (13:21 +0000)]
Only in TAME_ROUTE, allow ioctl SIOCGIFADDR/SIOCGIFFLAGS/SIOCGIFRDOMAIN,
because many routing daemon processes with this attribute need to fetch
that information to work.
discussed with claudio and renato

9 years agothe -P flag overwrites files, so it needs tame "stdio rpath wpath cpath".
deraadt [Thu, 8 Oct 2015 13:17:06 +0000 (13:17 +0000)]
the -P flag overwrites files, so it needs tame "stdio rpath wpath cpath".
the remaining code paths can use tame "stdio rpath cpath". One again,
the "cpath" request says a path-based system call will be used to
"change" filesystem pathname layout, for instance any of O_CREAT, symlink,
rename, unlink...

9 years agoSimpify some code by noting that DOSBBSECTOR is 0, so "if (n >
krw [Thu, 8 Oct 2015 12:54:30 +0000 (12:54 +0000)]
Simpify some code by noting that DOSBBSECTOR is 0, so "if (n >
n+DOSBBSSECTOR) ..." is pointless, as is "n = n + DOSBBSECTOR;".

9 years agoif the mbuf has a valid flowid, use it instead of using siphash24
dlg [Thu, 8 Oct 2015 11:39:59 +0000 (11:39 +0000)]
if the mbuf has a valid flowid, use it instead of using siphash24
and a bunch of header fields we have to parse the mbuf for.

siphash24 is about 20% of the cost of sending a udp packet on a
trunk interface with tcpbench on my box. if there's a flowid set
we get all that back.

ok mpi@ mikeb@ sthen@

9 years agouse the state id to set a flowid on an mbuf.
dlg [Thu, 8 Oct 2015 11:36:51 +0000 (11:36 +0000)]
use the state id to set a flowid on an mbuf.

ok mpi@ mikeb@ sthen@

9 years agosteal some padding in mbuf pkthdrs to store a flow id.
dlg [Thu, 8 Oct 2015 11:36:15 +0000 (11:36 +0000)]
steal some padding in mbuf pkthdrs to store a flow id.

the flowid roughly identifies a flow or connection that the mbuf
is a part of, and can be used instead of hashing contents of the
packet (like src+dst mac and ip addresses) to decide which path a
packet should take.

ok mpi@ mikeb@ sthen@

9 years agoLocal route entries are always UP now, missed in previous.
mpi [Thu, 8 Oct 2015 11:12:43 +0000 (11:12 +0000)]
Local route entries are always UP now, missed in previous.

9 years agoImplement set_pages_array_wb() and set_pages_array_wc() for powerpc. Since
kettenis [Thu, 8 Oct 2015 10:25:24 +0000 (10:25 +0000)]
Implement set_pages_array_wb() and set_pages_array_wc() for powerpc.  Since
powerpc doesn't actually implement write-combining fall back to uncached
mappings.

ok mpi@, jsg@

9 years agoAdd a per-page flag to indicate that all mappings of that page should be
kettenis [Thu, 8 Oct 2015 10:20:14 +0000 (10:20 +0000)]
Add a per-page flag to indicate that all mappings of that page should be
uncached.  To be used in the drm code.

ok mpi@

9 years agoallow a test to manage itself the tame(2) call.
semarie [Thu, 8 Oct 2015 10:09:09 +0000 (10:09 +0000)]
allow a test to manage itself the tame(2) call.

9 years agoUnlock the softnet task.
mpi [Thu, 8 Oct 2015 09:51:00 +0000 (09:51 +0000)]
Unlock the softnet task.

ok dlg@, kettenis@

9 years agofix an fd leak if socket connection fails; from Carlin Bingham
jsg [Thu, 8 Oct 2015 09:40:32 +0000 (09:40 +0000)]
fix an fd leak if socket connection fails; from Carlin Bingham
ok reyk@

9 years agofix a typo; from Carlin Bingham
jsg [Thu, 8 Oct 2015 09:32:13 +0000 (09:32 +0000)]
fix a typo; from Carlin Bingham

9 years agoCall em_start() when we detect a link state change such that packets start
kettenis [Thu, 8 Oct 2015 09:21:26 +0000 (09:21 +0000)]
Call em_start() when we detect a link state change such that packets start
flowing again even if the send queue is currently full.  Restores the fix
made by makeb@ in rev 1.263 which was lost in making the tx completion path
mpsafe.

ok mikeb@

9 years agoUse the radix API directly and get rid of the function pointers. There
mpi [Thu, 8 Oct 2015 08:41:58 +0000 (08:41 +0000)]
Use the radix API directly and get rid of the function pointers.  There
is no point in keeping an unused level of abstraction.

ok mikeb@, claudio@

9 years agoadd comment, suggested by reyk
sthen [Thu, 8 Oct 2015 08:29:21 +0000 (08:29 +0000)]
add comment, suggested by reyk

9 years agoLink the result of each mps_getbulkreq() to the end of the previous list
sthen [Thu, 8 Oct 2015 08:17:30 +0000 (08:17 +0000)]
Link the result of each mps_getbulkreq() to the end of the previous list
and not the start of it. Fixes getbulk requests for multiple OIDs.

From Gerhard Roth, ok blambert@

9 years agouse correct return value for IP-MIB::ipForwarding, tweak/ok uebayasi@
sthen [Thu, 8 Oct 2015 07:26:34 +0000 (07:26 +0000)]
use correct return value for IP-MIB::ipForwarding, tweak/ok uebayasi@

9 years agotrailing whitespace;
jmc [Thu, 8 Oct 2015 07:22:02 +0000 (07:22 +0000)]
trailing whitespace;

9 years agoTry again. Both -R and -p prevent use of tame, but other cases can use it.
deraadt [Thu, 8 Oct 2015 04:39:24 +0000 (04:39 +0000)]
Try again.  Both -R and -p prevent use of tame, but other cases can use it.

9 years agosync
deraadt [Thu, 8 Oct 2015 03:00:46 +0000 (03:00 +0000)]
sync

9 years agoRip the guts out of another gibbering horror of a time comparison function, and
beck [Thu, 8 Oct 2015 02:42:58 +0000 (02:42 +0000)]
Rip the guts out of another gibbering horror of a time comparison function, and
mark it as #ifndef LIBRESSL_INTERNAL at least we don't use this.
ok jsing@

9 years agorevert previous accidental commit
beck [Thu, 8 Oct 2015 02:29:11 +0000 (02:29 +0000)]
revert previous accidental commit

9 years agoSpelling in comment
beck [Thu, 8 Oct 2015 02:26:31 +0000 (02:26 +0000)]
Spelling in comment

9 years agoah, fchflags. We will come back to this issue later
deraadt [Thu, 8 Oct 2015 00:07:20 +0000 (00:07 +0000)]
ah, fchflags.  We will come back to this issue later

9 years agoAdd tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer certificate
beck [Wed, 7 Oct 2015 23:33:38 +0000 (23:33 +0000)]
Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer certificate
validity times for tls connections.
ok jsing@

9 years agoAllow us to get cipher and version even if there is not a peer certificate.
beck [Wed, 7 Oct 2015 23:25:45 +0000 (23:25 +0000)]
Allow us to get cipher and version even if there is not a peer certificate.
ok doug@

9 years agoIn theory, bgpd should be happy with tame "stdio unix route recvfd".
deraadt [Wed, 7 Oct 2015 20:26:16 +0000 (20:26 +0000)]
In theory, bgpd should be happy with tame "stdio unix route recvfd".
Let's hear from people's experiences by commiting it.

9 years agouse new tame "route" feature when possible
deraadt [Wed, 7 Oct 2015 20:25:40 +0000 (20:25 +0000)]
use new tame "route" feature when possible

9 years agouse fatal() instead of err(); from benno
deraadt [Wed, 7 Oct 2015 20:25:22 +0000 (20:25 +0000)]
use fatal() instead of err(); from benno

9 years agoSplit out routing sysctl's from tame "inet", and put them into the
deraadt [Wed, 7 Oct 2015 19:52:54 +0000 (19:52 +0000)]
Split out routing sysctl's from tame "inet", and put them into the
new tame "route" request.  Now routing daemons and tools (such as arp),
can narrowly ask for either feature.  One thing remains available in
both cases -- support for getifaddr()'s, since libc and programs often
use that in close association with socket creation.
ok benno sthen beck, some discussion with renato