openbsd
10 years agoDemonstrate how new linux getrandom() will be called, at least until
deraadt [Sun, 20 Jul 2014 03:24:10 +0000 (03:24 +0000)]
Demonstrate how new linux getrandom() will be called, at least until
it shows up in libraries.  Even the system call is probably not finalized.
Bit dissapointed it has turned out to be a descriptor-less read() with
EINVAL and EINTR error conditions, but we can work with it.

10 years agoremove a variable called wantencryption.
deraadt [Sun, 20 Jul 2014 03:00:31 +0000 (03:00 +0000)]
remove a variable called wantencryption.
hahahahahahahahahha.  OK, I'm done.

10 years agoThis pulls in <ddb/db_output.h>, so don't redeclare ddb functions
guenther [Sun, 20 Jul 2014 02:48:59 +0000 (02:48 +0000)]
This pulls in <ddb/db_output.h>, so don't redeclare ddb functions

10 years agoOddly, chmod chgrp chown were at the wrong path on these media.
deraadt [Sun, 20 Jul 2014 02:40:23 +0000 (02:40 +0000)]
Oddly, chmod chgrp chown were at the wrong path on these media.
from Jean-Philippe Ouellet

10 years agoplace sysctl in sorted order; Jean-Philippe Ouellet
deraadt [Sun, 20 Jul 2014 02:37:35 +0000 (02:37 +0000)]
place sysctl in sorted order; Jean-Philippe Ouellet

10 years agoarch was in wrong bin dir; Jean-Philippe Ouellet
deraadt [Sun, 20 Jul 2014 02:36:08 +0000 (02:36 +0000)]
arch was in wrong bin dir; Jean-Philippe Ouellet

10 years agoMark the format string argument to BIO_*printf as not being allowed to be NULL
guenther [Sun, 20 Jul 2014 02:24:21 +0000 (02:24 +0000)]
Mark the format string argument to BIO_*printf as not being allowed to be NULL

ok bcook@

10 years agoMake sure the correct errno is reported by warn* or err* and not
guenther [Sun, 20 Jul 2014 02:03:21 +0000 (02:03 +0000)]
Make sure the correct errno is reported by warn* or err* and not
the errno of an intervening cleanup operation like close/unlink/etc.
Also, the format string for warn* and err* shouldn't end with a newline.

Diff from Doug Hogan (doug (at) acyclic.org)

10 years agoFix ordering breakage, moving the fclose() test last again.
guenther [Sun, 20 Jul 2014 01:58:37 +0000 (01:58 +0000)]
Fix ordering breakage, moving the fclose() test last again.
Also correct some format strings.

From Doug Hogan (doug (at) acyclic.org)

10 years agoUpdate regress to match change in stpcpy() linker message
guenther [Sun, 20 Jul 2014 01:47:17 +0000 (01:47 +0000)]
Update regress to match change in stpcpy() linker message

Noted by Doug Hogan (doug (at) acyclic.org)

10 years agoMake sure the correct errno is reported by warn* or err* and not
guenther [Sun, 20 Jul 2014 01:38:40 +0000 (01:38 +0000)]
Make sure the correct errno is reported by warn* or err* and not
the errno of an intervening cleanup operation like close/unlink/etc.

Diff from Doug Hogan (doug (at) acyclic.org)

10 years agoDelete unused variables found by -Wall
guenther [Sun, 20 Jul 2014 01:29:03 +0000 (01:29 +0000)]
Delete unused variables found by -Wall

10 years agoAdd missing include. Tickled by Doug Hogan (doug (at) acyclic.org)
guenther [Sun, 20 Jul 2014 01:26:17 +0000 (01:26 +0000)]
Add missing include.  Tickled by Doug Hogan (doug (at) acyclic.org)

10 years agoMark fatal() as printf-like.
guenther [Sun, 20 Jul 2014 00:46:26 +0000 (00:46 +0000)]
Mark fatal() as printf-like.
Don't put a format string that's only used once in a variable.

10 years agoFlense the telnet code base of unwanted ifdefs: authentication/encryption
guenther [Sat, 19 Jul 2014 23:50:38 +0000 (23:50 +0000)]
Flense the telnet code base of unwanted ifdefs: authentication/encryption
tn3270, sgtty, pre-POSIX and other ancient system support, etc.  Brings up
to date the manpage with what we support.

ok matthieu@ beck@ jmc@ millert@ deraadt@ okan@

10 years agoPrint a warning message if the files with the random seed are not
bluhm [Sat, 19 Jul 2014 21:27:16 +0000 (21:27 +0000)]
Print a warning message if the files with the random seed are not
writeable during shutdown.  This prevents ugly error messages when
the machine is rebooted from singe-user without mounting the file
systems read-write.
suggested by deraadt@

10 years agoExplicitely check the value of REGRESS_SKIP_SLOW rather than its emptyness,
miod [Sat, 19 Jul 2014 18:15:53 +0000 (18:15 +0000)]
Explicitely check the value of REGRESS_SKIP_SLOW rather than its emptyness,
for it defaults to a non-empty value; Doug Hogan

10 years agoMake sure struct sockaddr_in gets completely initialized by setting it to zero
miod [Sat, 19 Jul 2014 18:11:12 +0000 (18:11 +0000)]
Make sure struct sockaddr_in gets completely initialized by setting it to zero
before setting the few fields we are interested in; Doug Hogan

10 years agoBring back pci_dopm, but disable it before powerdown.
pirofti [Sat, 19 Jul 2014 18:01:23 +0000 (18:01 +0000)]
Bring back pci_dopm, but disable it before powerdown.

This fixes both the Lemote reboot issue and the USB issue on the
Gdium's that miod@ spotted.

Suggested by kettenis@, thanks!

Okay miod@

10 years agoremove disabled main hook; we use phdr now; ok bcook
deraadt [Sat, 19 Jul 2014 16:12:00 +0000 (16:12 +0000)]
remove disabled main hook; we use phdr now; ok bcook

10 years agoarc4random re-seeds with getentropy() now; ok deraadt@ jmc@
naddy [Sat, 19 Jul 2014 16:11:16 +0000 (16:11 +0000)]
arc4random re-seeds with getentropy() now; ok deraadt@ jmc@

10 years agotab love
deraadt [Sat, 19 Jul 2014 16:10:50 +0000 (16:10 +0000)]
tab love

10 years agoMove _ARC4_ATFORK handlers from thread_private.h in portable.
bcook [Sat, 19 Jul 2014 15:29:25 +0000 (15:29 +0000)]
Move _ARC4_ATFORK handlers from thread_private.h in portable.

10 years agomove _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modules
bcook [Sat, 19 Jul 2014 14:34:38 +0000 (14:34 +0000)]
move _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modules

10 years agoSecurity fix:
schwarze [Sat, 19 Jul 2014 13:15:07 +0000 (13:15 +0000)]
Security fix:
Validate the manpath up front and report a Bad Request if it is not
listed in manpath.conf, such that clients can't probe which directories
exist on the server.  In case of configuration errors, consistently
report Internal Server Error without disclosing any further information.

Partially based on a patch from Sebastien Marie <semarie-openbsd at
latrappe dot fr>, but avoiding a couple of issues with that patch
and approaching the issue in a somewhat more rigorous way.

10 years agofixup typos
bcook [Sat, 19 Jul 2014 13:02:28 +0000 (13:02 +0000)]
fixup typos

10 years agoBackout pci_dopm usage as it also breaks reboot on Lemote's.
pirofti [Sat, 19 Jul 2014 12:54:09 +0000 (12:54 +0000)]
Backout pci_dopm usage as it also breaks reboot on Lemote's.

Noticed by matthieu@.

10 years agoSecurity fix:
schwarze [Sat, 19 Jul 2014 11:35:09 +0000 (11:35 +0000)]
Security fix:
Validate the name of the file to show before opening it.
Only allow relative filenames starting with "man" or "cat"
and containing neither "/.." nor "../".

While here, correct the condition discarding an initial "./".

Vulnerability found by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
Many thanks for sending a patch; however, i did not use it but made the
checks even stricter.

10 years agoDocument that abort() is async signal safe now that it doesn't flush
matthew [Sat, 19 Jul 2014 08:55:22 +0000 (08:55 +0000)]
Document that abort() is async signal safe now that it doesn't flush
stdio buffers

While here replace "SUSv[67]" with "POSIX Issue [67]" and update
signal(3) to mention that pselect() and ppoll() are async signal safe
like sigaction(2) already does.

ok guenther

10 years agoactually use the cve match_location correctly.
espie [Sat, 19 Jul 2014 08:48:44 +0000 (08:48 +0000)]
actually use the cve match_location correctly.
problem noticed by aja@

10 years agomiod pointed out i forgot which way round casts go.
dlg [Sat, 19 Jul 2014 05:27:17 +0000 (05:27 +0000)]
miod pointed out i forgot which way round casts go.

10 years agoFix strtonum range to unbreak -pass fd:0
lteo [Sat, 19 Jul 2014 03:40:26 +0000 (03:40 +0000)]
Fix strtonum range to unbreak -pass fd:0

ok deraadt@

10 years agoChange _rs_allocate so it can combine the two regions (rs and rsx)
deraadt [Sat, 19 Jul 2014 00:08:41 +0000 (00:08 +0000)]
Change _rs_allocate so it can combine the two regions (rs and rsx)
into one if a system has an awesome getentropy().  In that case it
is valid to totally throw away the rsx state in the child.  If the
getentropy() is not very good and has a lazy reseed operation, this
combining is a bad idea, and the reseed should probably continue to
use the "something old, something new" mix.  _rs_allocate() can
accomodate either method, but not on the fly.
ok matthew

10 years agoThe pf forward tests were running rdr-to and nat-to simultaneously
bluhm [Fri, 18 Jul 2014 23:54:55 +0000 (23:54 +0000)]
The pf forward tests were running rdr-to and nat-to simultaneously
only.  Change address layout and add individual tests for each
feature rdr-to and nat-to and rdr-to together with nat-to.

10 years agoCleanup portable arc4random fork detection code:
matthew [Fri, 18 Jul 2014 21:40:54 +0000 (21:40 +0000)]
Cleanup portable arc4random fork detection code:

1. Use "len" parameter instead of sizeof(*rs).

2. Simplify the atfork handler to be strictly async signal safe by
simply writing to a global volatile sig_atomic_t object, and then
checking for this in _rs_forkdetect().  (Idea from discussions with
Szabolcs Nagy and Rich Felker.)

3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO
fork semantics to avoid any skew in behavior across platforms.

ok deraadt

10 years agosync
deraadt [Fri, 18 Jul 2014 19:50:35 +0000 (19:50 +0000)]
sync

10 years agoOops, getentropy() is an "extension interface", not a "base interface"
matthew [Fri, 18 Jul 2014 19:24:42 +0000 (19:24 +0000)]
Oops, getentropy() is an "extension interface", not a "base interface"

Also, update the async signal safe list in signal(3) too (reminded by
deraadt)

10 years agoDocument that getentropy() is async signal safe.
matthew [Fri, 18 Jul 2014 19:19:20 +0000 (19:19 +0000)]
Document that getentropy() is async signal safe.

Pointed out by Jean-Philippe Ouellet

10 years agoDo not use the HTTP_HOST CGI variable,
schwarze [Fri, 18 Jul 2014 19:02:07 +0000 (19:02 +0000)]
Do not use the HTTP_HOST CGI variable,
just make the HTTP redirect Location: relative.
Less user input is good, it reduces the attack surface.
Besides, this removes one global variable and 4 lines of code.

Patch from Sebastien Marie <semarie-openbsd at latrappe dot fr>.

10 years agoSince syslog messages are now sent via the sendsyslog(2) system call,
deraadt [Fri, 18 Jul 2014 18:20:42 +0000 (18:20 +0000)]
Since syslog messages are now sent via the sendsyslog(2) system call,
we no longer need the spread of dev/log AF_UNIX sockets all over the
various chroot spaces.
ok beck millert aja

10 years agoAs discussed with beck, tweak the wording for getentropy slightly so
deraadt [Fri, 18 Jul 2014 18:20:17 +0000 (18:20 +0000)]
As discussed with beck, tweak the wording for getentropy slightly so
that a certain kind of people don't go bonkers over "what is entropy".
it is what it is, input to PRNG's.

10 years agougly ugly whitespace
deraadt [Fri, 18 Jul 2014 18:17:28 +0000 (18:17 +0000)]
ugly ugly whitespace

10 years agomissing newline
deraadt [Fri, 18 Jul 2014 18:01:26 +0000 (18:01 +0000)]
missing newline

10 years agofix sorted output
espie [Fri, 18 Jul 2014 16:57:41 +0000 (16:57 +0000)]
fix sorted output

10 years agoWhen the MAN_DIR/manpath.conf configuration file does not exist or is empty,
schwarze [Fri, 18 Jul 2014 14:46:20 +0000 (14:46 +0000)]
When the MAN_DIR/manpath.conf configuration file does not exist or is empty,
log the problem, hand the pg_error_internal() error page to the client,
and exit(3) in a controlled way instead of stumbling on and segfaulting
later.

Patch from Sebastien Marie <semarie-openbsd at latrappe dot fr>,
messages tweaked by me.

10 years agoFix privsep.c. Call missing imsg_free() after imsg_get(). Also add
yasuoka [Fri, 18 Jul 2014 13:16:22 +0000 (13:16 +0000)]
Fix privsep.c.  Call missing imsg_free() after imsg_get().  Also add
missing #include <net/if.h> to use IFNAMESIZ and replace some strncmp()
by startswith().

10 years agoatomic_swap_ptr is special.
dlg [Fri, 18 Jul 2014 12:44:53 +0000 (12:44 +0000)]
atomic_swap_ptr is special.

for jmatthew@

10 years agoFollow the recent addition of /usr/local/lib/pkgconfig and add
ajacoutot [Fri, 18 Jul 2014 11:35:32 +0000 (11:35 +0000)]
Follow the recent addition of /usr/local/lib/pkgconfig and add
/usr/local/share/pkgconfig

ok sthen@

10 years agoCleanups:
ajacoutot [Fri, 18 Jul 2014 10:43:29 +0000 (10:43 +0000)]
Cleanups:
- links are already ignored when creating the sums
- better CVSID match

10 years agopass atomic_{cas,swap}_uint a volatile void * instead of a volatile
dlg [Fri, 18 Jul 2014 10:40:14 +0000 (10:40 +0000)]
pass atomic_{cas,swap}_uint a volatile void * instead of a volatile
void **. the latter is really hard to cast for, and not what what
solaris does.

ok kettenis@

10 years agoimplement 'rootdev' parsing similar to what's already done in the kernel,
jasper [Fri, 18 Jul 2014 07:27:47 +0000 (07:27 +0000)]
implement 'rootdev' parsing similar to what's already done in the kernel,
but this time for bootdev(). defaults to octcf0a if all else fails.

10 years agoRemove "const" from the lsearch(3) manual's synopsis too.
matthew [Fri, 18 Jul 2014 07:25:26 +0000 (07:25 +0000)]
Remove "const" from the lsearch(3) manual's synopsis too.

Reminded by Rafael Neves

10 years agoimplement EFBIG handling for heavily fragmented packets on the tx path.
dlg [Fri, 18 Jul 2014 07:11:04 +0000 (07:11 +0000)]
implement EFBIG handling for heavily fragmented packets on the tx path.

ok claudio@

10 years agozap trailing whitespace;
jmc [Fri, 18 Jul 2014 06:20:36 +0000 (06:20 +0000)]
zap trailing whitespace;

10 years agoChange lsearch()'s "base" argument to require a non-const pointer to
matthew [Fri, 18 Jul 2014 04:16:09 +0000 (04:16 +0000)]
Change lsearch()'s "base" argument to require a non-const pointer to
align with POSIX and other systems.

Pointed out by Elliott Hughes on tech
ok deraadt

10 years agorestore umask around listener socket creation (dropped in streamlocal patch
djm [Fri, 18 Jul 2014 02:46:01 +0000 (02:46 +0000)]
restore umask around listener socket creation (dropped in streamlocal patch
merge)

10 years agoSeperate arc4random's os-dependent parts into static inline functions,
deraadt [Fri, 18 Jul 2014 02:05:55 +0000 (02:05 +0000)]
Seperate arc4random's os-dependent parts into static inline functions,
making it much easier for libressl -portable to fill in the gaps.
ok bcook beck

10 years agoavoid errx(); Jonas Termansen
deraadt [Thu, 17 Jul 2014 23:50:07 +0000 (23:50 +0000)]
avoid errx(); Jonas Termansen

10 years agoavoid sys/param.h; Jonas Termansen
deraadt [Thu, 17 Jul 2014 23:48:24 +0000 (23:48 +0000)]
avoid sys/param.h; Jonas Termansen

10 years agoit is 2014, and we still need to encourage people away from srand()
deraadt [Thu, 17 Jul 2014 23:12:28 +0000 (23:12 +0000)]
it is 2014, and we still need to encourage people away from srand()
and random().  Sigh.

10 years agofiles-to-dump can be a duid;
jmc [Thu, 17 Jul 2014 19:58:05 +0000 (19:58 +0000)]
files-to-dump can be a duid;
From: Maximilian Fillinger

10 years agoRework management of the external L2 cache on the few Indy/Indigo2 systems
miod [Thu, 17 Jul 2014 19:51:58 +0000 (19:51 +0000)]
Rework management of the external L2 cache on the few Indy/Indigo2 systems
which have it.

Instead of implementing external L2 maintainance at the cache routine level,
let bus_dmamap_sync(9) know about the possible existence of an external L2,
and invoke a dedicated routine to perform the necessary cache operations.

This way, the external L2 dmamap_sync function pointer can get invoked with
the physical address to operate on; this saves the pmap_extract() calls the
previous cache routine had to do.

10 years agomatch current permissions
deraadt [Thu, 17 Jul 2014 18:55:42 +0000 (18:55 +0000)]
match current permissions

10 years agosh netstart, instead of using .
deraadt [Thu, 17 Jul 2014 15:08:29 +0000 (15:08 +0000)]
sh netstart, instead of using .
We don't want any of the variables created inside netstart to infect the
rc script.
ok claudio sthen aja

10 years agoUnbreak after the rc_do->_rc_do and rc_wait->_rc_wait renaming.
ajacoutot [Thu, 17 Jul 2014 15:00:06 +0000 (15:00 +0000)]
Unbreak after the rc_do->_rc_do and rc_wait->_rc_wait renaming.
If someone wants to take a shot a modifying this rc script so that it does
not use internal rc.subr functions, be my guest...

spotted by jsg@

10 years ago"Race-free because we're running single-threaded in a new
deraadt [Thu, 17 Jul 2014 14:30:41 +0000 (14:30 +0000)]
"Race-free because we're running single-threaded in a new
address space, and once allocated rs is never deallocated."
document the forkhandler to save reviewers time, with matthew

10 years agozero random buf for sysctl too, just in case
tedu [Thu, 17 Jul 2014 13:44:21 +0000 (13:44 +0000)]
zero random buf for sysctl too, just in case

10 years agozero entropy buf
tedu [Thu, 17 Jul 2014 13:38:22 +0000 (13:38 +0000)]
zero entropy buf

10 years agoadd optional keywords all over the place, and some missing files.
deraadt [Thu, 17 Jul 2014 13:18:10 +0000 (13:18 +0000)]
add optional keywords all over the place, and some missing files.
likely to be more changes here to match the new layout.
ok ingo aja

10 years agoTurn the console code into regular cons_decl() ones, to better fit libsa
miod [Thu, 17 Jul 2014 13:14:06 +0000 (13:14 +0000)]
Turn the console code into regular cons_decl() ones, to better fit libsa
getchar/putchar and be able to link again. Crank minor version.

10 years agointerrupt handlers established via the ioapic didnt get their
dlg [Thu, 17 Jul 2014 12:56:07 +0000 (12:56 +0000)]
interrupt handlers established via the ioapic didnt get their
ih_flags set. ih_flags are used by the intr_handler() code to
determine if the kernel lock should be taken or not.

because the flags werent set, random memory was used instead which
in turn meant you sometimes didnt have the biglock when running
interrupt handlers which relied on it. races ahoy.

this was found by jmatthew@ while helping me try to figure out why
bnx was blowing up and causing double frees and use after frees.
turns out bnx was the smoke for this fire.

sorry it took so long.

ok kettenis@ sthen@
sthen@ seems happy to have the i386 ports build machine working again.

10 years agoimmidiatelly -> immediately
miod [Thu, 17 Jul 2014 12:37:46 +0000 (12:37 +0000)]
immidiatelly -> immediately

10 years agoMove comment about strcasecmp() to a more suitable spot.
stsp [Thu, 17 Jul 2014 11:35:26 +0000 (11:35 +0000)]
Move comment about strcasecmp() to a more suitable spot.
ok reyk benno

10 years agoMissing bounds check in ssl3_get_certificate_request(), was not spotted in
miod [Thu, 17 Jul 2014 11:32:21 +0000 (11:32 +0000)]
Missing bounds check in ssl3_get_certificate_request(), was not spotted in
1.78; reported by Ilja Van Sprundel.

10 years agoFix typo in example httpd config which caused error on startup.
stsp [Thu, 17 Jul 2014 11:32:14 +0000 (11:32 +0000)]
Fix typo in example httpd config which caused error on startup.
/etc/httpd.conf:8: failed to add media type
ok reyk

10 years agoNo more /var/db/sysmerge
ajacoutot [Thu, 17 Jul 2014 11:28:29 +0000 (11:28 +0000)]
No more /var/db/sysmerge

10 years agoreflect stdio-forward ("ssh -W host:port ...") failures in exit status.
djm [Thu, 17 Jul 2014 07:22:19 +0000 (07:22 +0000)]
reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
previously we were always returning 0. bz#2255 reported by Brendan
Germain; ok dtucker

10 years agoFree sktmp when it's no longer needed. By doing so, we fix a bunch of memory leaks.
logan [Thu, 17 Jul 2014 07:13:02 +0000 (07:13 +0000)]
Free sktmp when it's no longer needed. By doing so, we fix a bunch of memory leaks.

From miod@

OK from miod@ and guenther@

10 years agoConvert a couple calloc()s that were originally malloc()s to reallocarray()s.
guenther [Thu, 17 Jul 2014 06:25:12 +0000 (06:25 +0000)]
Convert a couple calloc()s that were originally malloc()s to reallocarray()s.
The child after fork() should use _exit() instead of exit().
Fix comment typo.

ok millert@

10 years agoURL move; Jean-Philippe Ouellet
deraadt [Thu, 17 Jul 2014 03:21:48 +0000 (03:21 +0000)]
URL move; Jean-Philippe Ouellet

10 years agosilence "incorrect passphrase" error spam; reported and ok dtucker@
djm [Thu, 17 Jul 2014 00:12:03 +0000 (00:12 +0000)]
silence "incorrect passphrase" error spam; reported and ok dtucker@

10 years agoifdef SYS_sendsyslog so this will compile without patching on -stable
djm [Thu, 17 Jul 2014 00:10:56 +0000 (00:10 +0000)]
ifdef SYS_sendsyslog so this will compile without patching on -stable

10 years agopreserve errno across syscall
djm [Thu, 17 Jul 2014 00:10:18 +0000 (00:10 +0000)]
preserve errno across syscall

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 20:08:25 +0000 (20:08 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 20:07:03 +0000 (20:07 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 20:06:27 +0000 (20:06 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 20:05:28 +0000 (20:05 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 20:05:03 +0000 (20:05 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 20:04:21 +0000 (20:04 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 20:02:45 +0000 (20:02 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 20:02:17 +0000 (20:02 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 20:00:14 +0000 (20:00 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 19:59:29 +0000 (19:59 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agozap trailing newlines; "go for it" deraadt
okan [Wed, 16 Jul 2014 19:57:34 +0000 (19:57 +0000)]
zap trailing newlines; "go for it" deraadt

10 years agoremove ancient unused NOGZIP support
deraadt [Wed, 16 Jul 2014 19:08:54 +0000 (19:08 +0000)]
remove ancient unused NOGZIP support

10 years agobase vs etc set management is the trickiest. Explain the current rules
deraadt [Wed, 16 Jul 2014 18:55:29 +0000 (18:55 +0000)]
base vs etc set management is the trickiest.  Explain the current rules
that govern the split.

10 years agoSave and restore NVS ranges when hibernating, as per The Spec.
mlarkin [Wed, 16 Jul 2014 17:44:16 +0000 (17:44 +0000)]
Save and restore NVS ranges when hibernating, as per The Spec.

ok kettenis@, deraadt@

10 years agoFix tlsext_tick_lifetime_hint value in test #2 to make sure the
miod [Wed, 16 Jul 2014 17:38:19 +0000 (17:38 +0000)]
Fix tlsext_tick_lifetime_hint value in test #2 to make sure the
(tlsext_tick_lifetime_hint > 0) test also passes on 32-bit platforms
(tlsext_tick_lifetime_hint is a long).

10 years agoDo not set pci_dopm to 1 on the Gdium; if we do, rebooting puts the USB HCI in
miod [Wed, 16 Jul 2014 17:11:37 +0000 (17:11 +0000)]
Do not set pci_dopm to 1 on the Gdium; if we do, rebooting puts the USB HCI in
a state PMON doesn't expect, and can't recover from.

10 years agoinvert the description describing calendar, since it is run by default
jmc [Wed, 16 Jul 2014 17:03:17 +0000 (17:03 +0000)]
invert the description describing calendar, since it is run by default
(so we tell folk how to stop it);