openbsd
9 years agoIn rev 1.15 the sizeof argument was fixed in a strlcat() call but
millert [Tue, 13 Oct 2015 20:55:37 +0000 (20:55 +0000)]
In rev 1.15 the sizeof argument was fixed in a strlcat() call but
the truncation check immediately following it was not updated to
match.  Not an issue in practice since the buffers are the same
size.  OK deraadt@

9 years agoCheck if a file name can be extracted from a line before marking for
lum [Tue, 13 Oct 2015 20:10:09 +0000 (20:10 +0000)]
Check if a file name can be extracted from a line before marking for
deletion.

9 years ago3 more headers required for one stinking inet6 ioctl..
deraadt [Tue, 13 Oct 2015 20:00:49 +0000 (20:00 +0000)]
3 more headers required for one stinking inet6 ioctl..

9 years ago- pf_insert_src_node(): global argument (arg6) is useless, function
sashan [Tue, 13 Oct 2015 19:32:31 +0000 (19:32 +0000)]
- pf_insert_src_node(): global argument (arg6) is useless, function
  always gets pointer to rule.

- pf_remove_src_node(): function should always remove matching src node,
  regardless the sn->rule.ptr being NULL or valid rule

- sn->rule.ptr is never NULL, spotted by mpi and Richard Procter _von_ gmail.com

OK mpi@, OK mikeb@

9 years agosm_error() already does the exit for us.
ajacoutot [Tue, 13 Oct 2015 18:52:56 +0000 (18:52 +0000)]
sm_error() already does the exit for us.

9 years agoAllow ioctl SIOCGNBRINFO_IN6 in case of "route", for use by ndp.
deraadt [Tue, 13 Oct 2015 18:42:06 +0000 (18:42 +0000)]
Allow ioctl SIOCGNBRINFO_IN6 in case of "route", for use by ndp.

9 years agoNET_RT_FLAGS must also accept a proto selection.
deraadt [Tue, 13 Oct 2015 18:38:34 +0000 (18:38 +0000)]
NET_RT_FLAGS must also accept a proto selection.

9 years agoTest t16 for ed-formatted diffs does not contain a substitution.
tobias [Tue, 13 Oct 2015 17:07:05 +0000 (17:07 +0000)]
Test t16 for ed-formatted diffs does not contain a substitution.
Add a minimalistic check in t17.

9 years agoIgnore the setuid/setgid/sticky bits when copying the permissions of an input
tim [Tue, 13 Oct 2015 16:55:03 +0000 (16:55 +0000)]
Ignore the setuid/setgid/sticky bits when copying the permissions of an input
file to the new output file. In preparation for pledge(2).

Suggested by and OK millert@

9 years agoReplace our /^\.\././ expression with /.//. The term is simpler and has
tobias [Tue, 13 Oct 2015 16:37:17 +0000 (16:37 +0000)]
Replace our /^\.\././ expression with /.//. The term is simpler and has
the same meaning in our diff ed-context.

As a bonus, our ed-diff output can be processed by GNU patch now, too.

okay millert@

9 years agoPut ASN1_dup() under #ifndef LIBRESSL_INTERNAL.
jsing [Tue, 13 Oct 2015 16:31:08 +0000 (16:31 +0000)]
Put ASN1_dup() under #ifndef LIBRESSL_INTERNAL.

9 years agoAfter the socket is open, the remainder is just io operations.
deraadt [Tue, 13 Oct 2015 16:30:55 +0000 (16:30 +0000)]
After the socket is open, the remainder is just io operations.
Use pledge "stdio".

9 years agoRemove -b flag and let ping6 set the socket buffer size automatically
florian [Tue, 13 Oct 2015 16:26:54 +0000 (16:26 +0000)]
Remove -b flag and let ping6 set the socket buffer size automatically
like ping.
Suggested by deraadt@, OK dlg

9 years ago-C and -c allow at most one input file. Ensure this is the case when the
tim [Tue, 13 Oct 2015 16:21:42 +0000 (16:21 +0000)]
-C and -c allow at most one input file. Ensure this is the case when the
input files are specified through --files0-from.

OK millert@

9 years agoapply PubkeyAcceptedKeyTypes filtering earlier, so all skipped
djm [Tue, 13 Oct 2015 16:15:21 +0000 (16:15 +0000)]
apply PubkeyAcceptedKeyTypes filtering earlier, so all skipped
keys are noted before pubkey authentication starts. ok dtucker@

9 years agoallow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledge
deraadt [Tue, 13 Oct 2015 16:09:24 +0000 (16:09 +0000)]
allow getsockopt IP_RECVDSTPORT & IPV6_RECVDSTPORT for an "inet" pledge

9 years agosemarie points out i am already forgetting the rules are very tight around
deraadt [Tue, 13 Oct 2015 15:55:44 +0000 (15:55 +0000)]
semarie points out i am already forgetting the rules are very tight around
*chown, even "proc fattr" won't let you do such a job.  remove early pledge(),
only leave call after fchown, before when symbol table work gets done.

9 years agoReduce the amount of code by moving the three copies of the ohash
schwarze [Tue, 13 Oct 2015 15:50:15 +0000 (15:50 +0000)]
Reduce the amount of code by moving the three copies of the ohash
callback functions into one common place, preparing for the use of
ohash for some additional purposes.  No functional change.

9 years agooops, a chown appears late on the code. to satisfy this pledge
deraadt [Tue, 13 Oct 2015 15:43:19 +0000 (15:43 +0000)]
oops, a chown appears late on the code.  to satisfy this pledge
"stdio rpath wpath cpath getpw fattr proc" early on; "proc fattr"
allows doing work with other uids on the file.  after opening the
db, do the chown (replace with fchown since we know fd) and then
pledge "stdio rpath"; "rpath" due to tmpfile rename() at the end.
mistake spotted by mpi

9 years agoConvert ECParameters_dup() from a macro that uses ASN1_dup_of() into an
jsing [Tue, 13 Oct 2015 15:25:18 +0000 (15:25 +0000)]
Convert ECParameters_dup() from a macro that uses ASN1_dup_of() into an
actual function. This removes the last ASN1_dup_of usage from the tree.

Feedback from doug@ and miod@

9 years agocan pledge "stdio" after opening device.
deraadt [Tue, 13 Oct 2015 15:15:30 +0000 (15:15 +0000)]
can pledge "stdio" after opening device.

9 years agopledge "stdio rpath wpath cpath fattr"; fattr due to locking code borrowed
deraadt [Tue, 13 Oct 2015 15:14:26 +0000 (15:14 +0000)]
pledge "stdio rpath wpath cpath fattr"; fattr due to locking code borrowed
from mail.local

9 years agopledge "stdio rpath wpath cpath", full path handling to satisfy dbopen()
deraadt [Tue, 13 Oct 2015 15:12:53 +0000 (15:12 +0000)]
pledge "stdio rpath wpath cpath", full path handling to satisfy dbopen()

9 years agopledge "stdio rpath wpath cpath proc exec". creates files throughout
deraadt [Tue, 13 Oct 2015 15:11:48 +0000 (15:11 +0000)]
pledge "stdio rpath wpath cpath proc exec".  creates files throughout
it's lifetime, and often runs a pipe through "cpp"

9 years agopledge "stdio rpath wpath cpath"
deraadt [Tue, 13 Oct 2015 15:10:30 +0000 (15:10 +0000)]
pledge "stdio rpath wpath cpath"

9 years agoDon't use exp2f(), it breaks build on vax. Use a shift instead.
stsp [Tue, 13 Oct 2015 14:36:15 +0000 (14:36 +0000)]
Don't use exp2f(), it breaks build on vax. Use a shift instead.
reported by deraadt@

9 years agoConvert a number of the old ASN1_{d2i,i2d}_{bio,fp}_of() macros to
jsing [Tue, 13 Oct 2015 14:03:26 +0000 (14:03 +0000)]
Convert a number of the old ASN1_{d2i,i2d}_{bio,fp}_of() macros to
ASN1_item_{d2i,i2d}_{bio,fp}() function calls.

ok beck@ doug@

9 years agoSingle byte read/write tests.
jsing [Tue, 13 Oct 2015 13:59:45 +0000 (13:59 +0000)]
Single byte read/write tests.

9 years agoAdd test coverage for peer certificate info and connection info.
jsing [Tue, 13 Oct 2015 13:58:33 +0000 (13:58 +0000)]
Add test coverage for peer certificate info and connection info.

9 years agoMake regress work again post hackathon tls_handshake/tls_read/tls_write
jsing [Tue, 13 Oct 2015 12:56:20 +0000 (12:56 +0000)]
Make regress work again post hackathon tls_handshake/tls_read/tls_write
changes.

9 years agoGroup d2i/i2d function prototypes by type and add missing externs for the
jsing [Tue, 13 Oct 2015 12:31:06 +0000 (12:31 +0000)]
Group d2i/i2d function prototypes by type and add missing externs for the
DSAPublicKey, DSAPrivateKey and DSAparams ASN1_ITEMs.

9 years agoSync printf family return value with ISO C which specifies that
millert [Tue, 13 Oct 2015 12:25:04 +0000 (12:25 +0000)]
Sync printf family return value with ISO C which specifies that
these functions return a negative value on failure.
OK doug@ deraadt@

9 years agoAdd a helper for writing the message to simplify the code.
eric [Tue, 13 Oct 2015 11:32:47 +0000 (11:32 +0000)]
Add a helper for writing the message to simplify the code.
It also fixes the reported message length by taking prepended
headers into account and adds missing error checks there.

ok millert@ gilles@

9 years agopledge() queue process
gilles [Tue, 13 Oct 2015 11:03:30 +0000 (11:03 +0000)]
pledge() queue process

ok deraadt@

9 years agopledge() control process
gilles [Tue, 13 Oct 2015 10:59:04 +0000 (10:59 +0000)]
pledge() control process

ok deraadt@

9 years agoMake use of rtisvalid(9) to check if local route entries match existing
mpi [Tue, 13 Oct 2015 10:29:16 +0000 (10:29 +0000)]
Make use of rtisvalid(9) to check if local route entries match existing
configured addressses.

ok mikeb@

9 years agoSimplify arptfree() to no longer look at the route entry's refcounter.
mpi [Tue, 13 Oct 2015 10:21:27 +0000 (10:21 +0000)]
Simplify arptfree() to no longer look at the route entry's refcounter.

ARP entries with an expired timeout are now removed from the tree even
if they are cached somehwere else.  This also reduces differences with
NDP.

ok bluhm@

9 years agoUse rtisivalid(9) to check if the given (cached) route can be used.
mpi [Tue, 13 Oct 2015 10:16:17 +0000 (10:16 +0000)]
Use rtisivalid(9) to check if the given (cached) route can be used.

Note that after calling rtalloc(9) we only check if a route has been
returned or not and do not check for its validity.  This cannot be
improved without a massive refactoring.

The kernel currently *do* use !RTF_UP route due to a mismatch between
the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code.

I'd explain the RTF_UP flag as follow:

.  If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
.  call rtalloc(9) to see if a better entry is present in the tree.

This is enough to support MPATH and route cache invalidation.

ok bluhm@

9 years agoMake sure RTF_LOCAL route entries are UP when added to the tree.
mpi [Tue, 13 Oct 2015 09:59:37 +0000 (09:59 +0000)]
Make sure RTF_LOCAL route entries are UP when added to the tree.

This is required to maintain the original BSD behavior of locally
configured addresses being always reacheable.

Some interfaces are^w^W^Wem(4) is special and generally has a DOWN
link state when configured by netstart(8).  As a result all the
route entries cloned/added before its link state goes to UP are also
marked as DOWN.

Note that this problem was not present when local addresses were
attached to lo0.

ok mikeb@

9 years agoInitialize va_filerev in vattr_null() to avoid leaking stack garbage;
guenther [Tue, 13 Oct 2015 09:11:48 +0000 (09:11 +0000)]
Initialize va_filerev in vattr_null() to avoid leaking stack garbage;
problem pointed out by Martin Natano (natano (at) natano.net)

Also, stop chaining assignments (foo = bar = baz) in vattr_null().
The exact meaning of those depends on the order of the sizes-and-
signednesses of the lvalues, making them fragile: a statement here
mixed *six* types, but managed to get them in a safe order.  Delete
a 20+ year old XXX comment that was almost certainly bemoaning a bug
from when they were in an unsafe order.

ok deraadt@ miod@

9 years agoctype functions isxdigit() expect an unsigned char value; add missing casts
guenther [Tue, 13 Oct 2015 08:53:43 +0000 (08:53 +0000)]
ctype functions isxdigit() expect an unsigned char value; add missing casts
and adjust variable types to get correct behavior

ok beck@ millert@

9 years agoTo alter just the atime of the mailspool, use utimensat()+UTIME_OMIT instead
guenther [Tue, 13 Oct 2015 08:49:51 +0000 (08:49 +0000)]
To alter just the atime of the mailspool, use utimensat()+UTIME_OMIT instead
of stat()+utimes().  Prefer clock_gettime() over gettimeofday() to avoid
timeval->timespec conversion

ok millert@

9 years agoPlug a leak.
sunil [Tue, 13 Oct 2015 08:33:06 +0000 (08:33 +0000)]
Plug a leak.

Ok gilles@, reyk@

9 years agopledge("stdio") the scheduler process
gilles [Tue, 13 Oct 2015 08:09:25 +0000 (08:09 +0000)]
pledge("stdio") the scheduler process

9 years agopledge("stdio") the RSA-privsep process
gilles [Tue, 13 Oct 2015 08:07:35 +0000 (08:07 +0000)]
pledge("stdio") the RSA-privsep process

9 years agolet the enqueuer pledge() in both online and offline modes
gilles [Tue, 13 Oct 2015 08:06:22 +0000 (08:06 +0000)]
let the enqueuer pledge() in both online and offline modes

ok deraadt@

9 years agoPass unsigned chars to ctype functions.
reyk [Tue, 13 Oct 2015 07:57:13 +0000 (07:57 +0000)]
Pass unsigned chars to ctype functions.

From Michael McConville

9 years agonew sentence, new line;
jmc [Tue, 13 Oct 2015 07:23:49 +0000 (07:23 +0000)]
new sentence, new line;
do not Xr self;

9 years agooffline queue is no longer user-writable, do not attempt resetting fchflags
gilles [Tue, 13 Oct 2015 07:18:53 +0000 (07:18 +0000)]
offline queue is no longer user-writable, do not attempt resetting fchflags
it serves no purpose.

ok millert@, ok jung@, ok eric@

9 years agoPledge "stdio rpath" requests for nologin.
doug [Tue, 13 Oct 2015 07:10:38 +0000 (07:10 +0000)]
Pledge "stdio rpath" requests for nologin.

ok deraadt@
"reads ok" semarie@

9 years agoObvious pledge "stdio" for yes.
doug [Tue, 13 Oct 2015 07:03:26 +0000 (07:03 +0000)]
Obvious pledge "stdio" for yes.

ok deraadt@

9 years agorevert previous. changes the behaviour of:
daniel [Tue, 13 Oct 2015 04:30:53 +0000 (04:30 +0000)]
revert previous. changes the behaviour of:
rm -f ""

9 years agoAdd some newer DT_* and DF_* constants
guenther [Tue, 13 Oct 2015 04:29:50 +0000 (04:29 +0000)]
Add some newer DT_* and DF_* constants

ok kettenis@ miod@

9 years agoTighten the ranges in wcrtomb(3).
bentley [Tue, 13 Oct 2015 02:17:46 +0000 (02:17 +0000)]
Tighten the ranges in wcrtomb(3).

By definition, the range of valid Unicode code points is the union of
U+0000..U+D7FF and U+E000..U+10FFFF (see Unicode 8.0.0, chapter 3.9).

In UTF-16, the encoded values that would represent U+D800..U+DFFF are
used for surrogate pairs. UTF-8 has no concept of surrogate pairs;
attempting to treat them as regular code points violates the standard
and makes no sense besides.

ok stsp@

9 years agofree the correct IV length, don't assume it's always the cipher
djm [Tue, 13 Oct 2015 00:21:27 +0000 (00:21 +0000)]
free the correct IV length, don't assume it's always the cipher
blocksize; ok dtucker@

9 years agoPledge "fattr" request should allow fchflags().
doug [Tue, 13 Oct 2015 00:03:42 +0000 (00:03 +0000)]
Pledge "fattr" request should allow fchflags().

"add it" deraadt@

9 years agosatisfy jmc!
deraadt [Mon, 12 Oct 2015 23:32:55 +0000 (23:32 +0000)]
satisfy jmc!

9 years agopledge "proc" request should allow setsid()
deraadt [Mon, 12 Oct 2015 23:16:23 +0000 (23:16 +0000)]
pledge "proc" request should allow setsid()

9 years agoplegde(2) for apropos(1), help(1), man(1), mandoc(1), and whatis(1):
schwarze [Mon, 12 Oct 2015 22:41:18 +0000 (22:41 +0000)]
plegde(2) for apropos(1), help(1), man(1), mandoc(1), and whatis(1):
Always needed: stdio rpath (to open multiple files and for .so)
In addition after starting the pager: tmppath (to clean up the temp files)
In addition before starting the pager: proc exec
Looks good to deraadt@.

9 years agopledge(2) for makewhatis(8):
schwarze [Mon, 12 Oct 2015 22:30:27 +0000 (22:30 +0000)]
pledge(2) for makewhatis(8):
Always needed: stdio rpath.
In addition when writing to an existing db: wpath cpath fattr.
In addition when creating a new db: proc exec.
Based on work by and OK bentley@, "get moving" deraadt@.

9 years agodo not call sync() when committing a message, it's not helping in any way
gilles [Mon, 12 Oct 2015 22:29:49 +0000 (22:29 +0000)]
do not call sync() when committing a message, it's not helping in any way

9 years agosurprisingly, this can pledge "stdio rpath exec" right at start. once
deraadt [Mon, 12 Oct 2015 22:01:08 +0000 (22:01 +0000)]
surprisingly, this can pledge "stdio rpath exec" right at start. once
the config file is opened, it can pledge "stdio exec", and be on its
merry way to start the real MTA

9 years agoRemove the "cmsg" attribute, as promised. Use "sendfd" or "recvfd",
deraadt [Mon, 12 Oct 2015 21:43:20 +0000 (21:43 +0000)]
Remove the "cmsg" attribute, as promised.  Use "sendfd" or "recvfd",
depending on what you need.  inet/inet6 cmsg's come through unmolested --
that is something to consider later.

9 years agoAdd details about a variety of semantics; going to keep adding and then
deraadt [Mon, 12 Oct 2015 21:40:38 +0000 (21:40 +0000)]
Add details about a variety of semantics; going to keep adding and then
reevaluate the direction of this manual page a bit later.

9 years agoAdd missing checks for write errors; OK eric@
millert [Mon, 12 Oct 2015 21:32:27 +0000 (21:32 +0000)]
Add missing checks for write errors; OK eric@

9 years agoDelete an assignment that is unconditionally overwritten two lines later;
schwarze [Mon, 12 Oct 2015 21:25:36 +0000 (21:25 +0000)]
Delete an assignment that is unconditionally overwritten two lines later;
found by Svyatoslav Mishyn <juef at openmailbox dot org>
with the clang static analyzer.

9 years agoGarbage collect an unused variable, no functional change;
schwarze [Mon, 12 Oct 2015 21:16:32 +0000 (21:16 +0000)]
Garbage collect an unused variable, no functional change;
found by Svyatoslav Mishyn <juef at openmailbox dot org> with cppcheck.

9 years agoCheck the right pointer against NULL;
schwarze [Mon, 12 Oct 2015 21:09:08 +0000 (21:09 +0000)]
Check the right pointer against NULL;
fixing a pasto introduced in the previous commit;
found by Svyatoslav Mishyn <juef at openmailbox dot org> with cppcheck.

9 years agoCheck that the disk specified on the command line is the disk that
krw [Mon, 12 Oct 2015 20:52:20 +0000 (20:52 +0000)]
Check that the disk specified on the command line is the disk that
files are copied to. Error out with 'cross-device install' if not.

ok millert@, ok deraadt@ & jsing@ for previous version

9 years agoadd Date header when a session iniated locally doesn't add one
gilles [Mon, 12 Oct 2015 20:16:31 +0000 (20:16 +0000)]
add Date header when a session iniated locally doesn't add one

ok millert@, ok eric@

9 years agothese callers of ttyname() no longer need to pledge "tty"
deraadt [Mon, 12 Oct 2015 20:03:24 +0000 (20:03 +0000)]
these callers of ttyname() no longer need to pledge "tty"

9 years agottyname() no longer does ioctl TIOCGETA, so pledge("tty") is no longer
naddy [Mon, 12 Oct 2015 19:56:47 +0000 (19:56 +0000)]
ttyname() no longer does ioctl TIOCGETA, so pledge("tty") is no longer
needed here.  ok deraadt@

9 years agoWhen isatty() was switched to F_ISATTY, the inline copy in ttyname()
naddy [Mon, 12 Oct 2015 19:53:58 +0000 (19:53 +0000)]
When isatty() was switched to F_ISATTY, the inline copy in ttyname()
was forgotten.  Just call isatty().  ok deraadt@

9 years agoMaintain a list of files marked for deletion while refreshing a dired
lum [Mon, 12 Oct 2015 19:08:39 +0000 (19:08 +0000)]
Maintain a list of files marked for deletion while refreshing a dired
buffer. Previously, when refreshing the buffer the files marked for
deletion would be lost.

Since the relationship between the files that have been marked for
deletion and those that exist on disk is volatile, I have chosen to
implement the discovery of marked files during the refresh function as
opposed to maintaining a dired buffer specific list.

9 years agodeprecate & remove -W option; ok florian
deraadt [Mon, 12 Oct 2015 18:32:18 +0000 (18:32 +0000)]
deprecate & remove -W option; ok florian

9 years agoReverse the sm_error call in sm_trap.
ajacoutot [Mon, 12 Oct 2015 18:25:16 +0000 (18:25 +0000)]
Reverse the sm_error call in sm_trap.

pointed out by semarie@... I need some sleep :/

9 years agoOnly remove existing sum files on trap handlers.
ajacoutot [Mon, 12 Oct 2015 18:13:59 +0000 (18:13 +0000)]
Only remove existing sum files on trap handlers.

req. by semarie@

9 years agoMake it clear that umask ignores everything but the rwx bits.
millert [Mon, 12 Oct 2015 17:51:55 +0000 (17:51 +0000)]
Make it clear that umask ignores everything but the rwx bits.
OK deraadt@

9 years agoMake wcrtomb() more readable by weeding out range errors up front,
schwarze [Mon, 12 Oct 2015 17:50:51 +0000 (17:50 +0000)]
Make wcrtomb() more readable by weeding out range errors up front,
doing ASCII handling once rather than twice, and using <= rather
than ((&~)==) obfuscation (which already caused a bug in the past).
No functional change.
Joint work with and OK stsp@ semarie@ bentley@

9 years agoParentheses are useless after "return", it's not a function.
schwarze [Mon, 12 Oct 2015 17:20:53 +0000 (17:20 +0000)]
Parentheses are useless after "return", it's not a function.
There is no need to mop this up everywhere, but at least style(9)
should show modern rather than historic style.
OK millert@ tedu@

9 years agoCall pledge(2) after initial getsockname(2) to avoid "inet" addition.
uebayasi [Mon, 12 Oct 2015 16:54:30 +0000 (16:54 +0000)]
Call pledge(2) after initial getsockname(2) to avoid "inet" addition.

From & OK deraadt@

9 years agoftp(1) was static for years, as a recovery seatbelt. These days
deraadt [Mon, 12 Oct 2015 16:39:07 +0000 (16:39 +0000)]
ftp(1) was static for years, as a recovery seatbelt.  These days
reliability has improved, and other repair methods are easier from
bsd.rd or whatnot.  As a static binary ftp has limited ASLR, yet it has
7 libraries...  Making it non-static means the ASLR picture improves.
Let's see who moans first.
ok miod daniel

9 years agokvm_mkdb & dev_mkdb are quite similar. pledge "stdio rpath wpath cpath"
deraadt [Mon, 12 Oct 2015 16:01:53 +0000 (16:01 +0000)]
kvm_mkdb & dev_mkdb are quite similar.  pledge "stdio rpath wpath cpath"
except kvm_mkdb also does "getpw".

9 years agopledge wasn't called pledge in 5.8, and it was disabled;
schwarze [Mon, 12 Oct 2015 15:59:26 +0000 (15:59 +0000)]
pledge wasn't called pledge in 5.8, and it was disabled;
issue noticed by tim@, solution suggested by deraadt@

9 years agopledge "stdio rpath wpath cpath"; all the path options are used
deraadt [Mon, 12 Oct 2015 15:56:58 +0000 (15:56 +0000)]
pledge "stdio rpath wpath cpath"; all the path options are used
until the bitter end.

9 years agoUse "-" rather than "\(hy" for the heads of .Bl -dash and -hyphen lists.
schwarze [Mon, 12 Oct 2015 15:27:53 +0000 (15:27 +0000)]
Use "-" rather than "\(hy" for the heads of .Bl -dash and -hyphen lists.
In UTF-8 output, that renders as ASCII HYPHEN-MINUS (U+002D)
rather than HYPHEN (U+2010), which looks better and matches groff.
In ASCII output, it makes no difference.
Suggested by naddy@.

9 years agoAnnotate an pretty obvious signal race... no time to fix it now.
deraadt [Mon, 12 Oct 2015 15:12:44 +0000 (15:12 +0000)]
Annotate an pretty obvious signal race... no time to fix it now.

9 years agoPledge "stdio wpath tty"; "awesome" deraadt@
tim [Mon, 12 Oct 2015 14:33:13 +0000 (14:33 +0000)]
Pledge "stdio wpath tty"; "awesome" deraadt@

9 years agoin fuser mode with -k or -s mode, kill(2) might be called and
deraadt [Mon, 12 Oct 2015 14:09:32 +0000 (14:09 +0000)]
in fuser mode with -k or -s mode, kill(2) might be called and
route lookups won't be needed; so expand the pledge setup to handle
3 codepaths.
from theo buehler

9 years agoreenable pledge(2) on pax, but only if pmode isn't in use or if action
semarie [Mon, 12 Oct 2015 14:01:06 +0000 (14:01 +0000)]
reenable pledge(2) on pax, but only if pmode isn't in use or if action
shouldn't do things with filesystem.

ok deraadt@ millert@

9 years agoThese no longer need to be static. The ramdisk's no longer reach-around
deraadt [Mon, 12 Oct 2015 13:53:40 +0000 (13:53 +0000)]
These no longer need to be static.  The ramdisk's no longer reach-around
and use the one in the base install, but have their own copy.
ok millert sthen miod daniel

9 years agothe pattr argument to IFQ_ENQUEUE is unused, so let's get rid of it.
dlg [Mon, 12 Oct 2015 13:17:58 +0000 (13:17 +0000)]
the pattr argument to IFQ_ENQUEUE is unused, so let's get rid of it.

also the comment above IFQ_ENQUEUE that says the pattr argument is unused.

ok mpi@

9 years agoFix a copy-pasto: Check the correct bit for STBC beacon in HT OP element.
stsp [Mon, 12 Oct 2015 13:01:50 +0000 (13:01 +0000)]
Fix a copy-pasto: Check the correct bit for STBC beacon in HT OP element.
ok sthen@

9 years agoindent the builtin text a little, for naddy;
jmc [Mon, 12 Oct 2015 12:34:42 +0000 (12:34 +0000)]
indent the builtin text a little, for naddy;

9 years agotwo leftovers string missed in tame->pledge conversion
semarie [Mon, 12 Oct 2015 12:17:36 +0000 (12:17 +0000)]
two leftovers string missed in tame->pledge conversion

ok jsg@

9 years agoUnify link state change notification.
mpi [Mon, 12 Oct 2015 11:32:39 +0000 (11:32 +0000)]
Unify link state change notification.

ok mikeb@

9 years agodont need to do suser checks in ioctl paths cos if.c does them for us.
dlg [Mon, 12 Oct 2015 10:51:49 +0000 (10:51 +0000)]
dont need to do suser checks in ioctl paths cos if.c does them for us.

ok mikeb@ mpi@

9 years agoprotect SIOCSLIFPHYTTL, SIOCSVNETID so only root can call them, and
dlg [Mon, 12 Oct 2015 10:49:40 +0000 (10:49 +0000)]
protect SIOCSLIFPHYTTL, SIOCSVNETID so only root can call them, and
return EPNOTSUPP for SIOCGLIFPHYTTL and SIOCGVNETID. all so drivers
dont have to do these checks themselves.

ok mikeb@ mpi@

9 years agofix case of PACkAGE_REPOSITORY; remco at dpub nl
sthen [Mon, 12 Oct 2015 10:27:22 +0000 (10:27 +0000)]
fix case of PACkAGE_REPOSITORY; remco at dpub nl
               ^

9 years agoIntroduce bridge_ifinput() to handle some repeated logic before
reyk [Mon, 12 Oct 2015 10:03:25 +0000 (10:03 +0000)]
Introduce bridge_ifinput() to handle some repeated logic before
if_input() and to have a counterpart for bridge_ifenqueue() that helps
to understand the traffic/code flow in bridge better.  The bridge
currently only puts a single packet on the input mbuf list, and
changing will need to undo part of this commit, but it still makes
sense to have a well-defined call for the ports receive path.
No functional change.

OK mpi@