summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-02-06Clear PQ_AOBJ before calling uvm_pagefree(), clearing up one false XXXTheo de Raadt
comment (one is fixed, one is deleted). ok kettenis beck
2015-02-06Give "machine ddbcpu" a chance to work, now we can try to see what's wrongMartin Pieuchot
on MP.
2015-02-06unsigned char is the correct type for ctype functionsTed Unangst
2015-02-06no space after #Ted Unangst
2015-02-06remove TRUE/FALSE in favor of the true boolean values 1/0Ted Unangst
2015-02-06unneeded getopt.hTheo de Raadt
2015-02-06Debug, whatever it's worth, is clearly not a booleanTed Unangst
2015-02-06cleanup a few bitsTed Unangst
2015-02-06remove no regex ifdef. everybody loves regex.Ted Unangst
2015-02-06use regcomp native case insensitive matching facility instead ofTed Unangst
faking it poorly
2015-02-06don't set a flag with ++; it's a bool, not a counter.Ted Unangst
2015-02-06Remove accidental, commented out code.Doug Hogan
This was to test a patch for upstream.
2015-02-06change int to size_t to avoid integer overflowTed Unangst
2015-02-06Unifdef NETSCAPE_HANG_BUG.Joel Sing
If you're still using a buggy version of Netscape from 2000, for HTTPS with client certificates, it is probably a good time to find a new browser. "kill it softly... with napalm and kisses" miod@
2015-02-06Add additional checks to ssl3_send_client_key_exchange() that ensuresJoel Sing
ephemeral keys exist for SSL_kDHE and SSL_kECDHE. This would have prevented CVE-2014-3572. ok doug@
2015-02-06fix searching and display of offensive fortunes.Ted Unangst
now, if you want to find an offensive fortune about (e.g.) meat, you can simply run: $ fortune -o -m meat This is much easier than the previous requirement to run a command like: $ fortune -o -m `echo meat | rot13` | rot13 requested by guenther phessler
2015-02-06better diagnostics about excess arguments to .PD .ft .spIngo Schwarze
2015-02-06Import BoringSSL's crypto bytestring and crypto bytebuilder APIs.Doug Hogan
This is imported with as few changes as possible for the initial commit. I removed OPENSSL_EXPORT, replaced OPENSSL_malloc() etc with malloc() and changed a few header includes. BoringSSL has this as part of their public API. We're leaving it internal to libssl for now. Based on BoringSSL's CBB/CBS API as of commit c5cc15b4f5b1d6e9b9112cb8d30205a638aa2c54. input + ok jsing@, miod@
2015-02-06regex are documented in re_format.7, not the C API in regex.3Ted Unangst
2015-02-06Call the debugger (bsd -d) before replacing the firmware console just likeMartin Pieuchot
we do for config (bsd -c) to be able to use ddb with USB keyboards.
2015-02-06knfTed Unangst
2015-02-06The write_file() privsep interface was too permissive andReyk Floeter
theoretically allowed the unprivileged child process to write to arbitrary files. Restrict it by replacing it with two specific write_resolv_conf() and write_option_db() privsep interfaces where all the critical decision has been moved to the parent. OK krw@
2015-02-06change the width types to unsigned. negative widths make no sense,Ted Unangst
and as deraadt points out, monitors keep getting bigger. now supports twice as many columns.
2015-02-06make vm_map_lock lock when it's supposed to. add mutex to protect flagsTed Unangst
and then double check we didn't lose the unavoidable race. ok beck guenther kettenis miod
2015-02-06fix an integer overflow found by mlarkinTed Unangst
2015-02-06Add libssl ciphers regress, which currently only coversJoel Sing
get_cipher_by_char/put_cipher_by_char.
2015-02-06Bring back the horrible API that is get_cipher_by_char/put_cipher_by_char.Joel Sing
This API was intended to be an internal only, however like many things in OpenSSL, it is exposed externally and parts of the software ecosystem are now using it since there is no real alternative within the public API. ok doug@, tedu@ and reluctantly miod@
2015-02-06better error reporting for .br .fi .nf with argumentsIngo Schwarze
2015-02-06Handle hibernate button in the same way as suspend does: send anDavid Coppa
APM_USER_HIBERNATE_REQ event so apmd(8) can get it if it's running. ok mlarkin@, deraadt@, miod@
2015-02-06IEEE sez that 0 is bigger than 1, and IEEE is always right.Henning Brauer
When mapping 802.1p prio from the vlan header to our priority levels, we have to swap 0 and 1, since in 802.1p, 1 is the lowest prio, and 0 the 2nd lowest. But 2..7 are in the expected order! Pointed out to me at BSDcan and I forgot by whom, sorry for that and the delay. ok phessler pelikan
2015-02-06Delete the legacy generic warning type MANDOCERR_ARGCWARN,Ingo Schwarze
replacing the last instances by more specific warnings. Improved functionality, minus 50 lines of code.
2015-02-06matthew@ points out that it's a bad idea to rely on the non-privileged,Kenneth R Westerback
network-facing process to properly fill out the interface name and rdomain on which operations are to be performed. Instead, always use the interface name and rdomain discovered before forking and dropping privs. Lets all the imsg structs to drop a couple of members. ok matthew@ henning@
2015-02-06since I just touched this file and thus cause an almost full recompile ofHenning Brauer
everything in the kernel for everybody anyway, can as well use the opportunity to move the block with the IF_* macros down next to the IFQ_* versions; has always been slightly confusing - was like that due to the long gone ALTQ versions of these macros. claudio agrees.
2015-02-06g/c unused IFQ_INC_LEN, IFQ_DEC_LEN and IFQ_INC_DROPS, ok claudioHenning Brauer
2015-02-06using IFQ_INC_LEN and IFQ_DEC_LEN for len++/len-- is a bit excessive,Henning Brauer
especially given that these are the only users of these macros. ok claudio
2015-02-06Add support for stravis() to vis.3 and Makefile.inc.Doug Hogan
stravis(3) is an OpenBSD extension that was added recently. input + ok schwarze@, jmc@, deraadt@
2015-02-06Fix a hibernate crash on some machines due to unmapping a page thatMike Larkin
may not have been mapped previously (in the failure to hibernate case). Also ensure that the lowmem ptp is mapped in all cases (not just MP). ok kettenis
2015-02-06Don't let errors leak the memory returned by getifaddrs().Kenneth R Westerback
2015-02-06better handle .Fo and .Fd without argumentIngo Schwarze
better handle .Fo with more than one argument
2015-02-06Remove route/netstat -f encap in favor of ipsecctl -s flow.Reyk Floeter
OK deraadt@
2015-02-06packets stay within a routing domain. to move them, use pf(4)Peter Hessler
2015-02-06style(9) nitBret Lambert
ok claudio@
2015-02-06better handle empty .Bd .Bl .D1 .Dl blocksIngo Schwarze
2015-02-06Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem().Reyk Floeter
As discussed with beck@ jsing@ and others OK beck@
2015-02-06Change rt_mpath_conflict() to not rely on an initialized rtentry whenMartin Pieuchot
checking for actual conflict. ok claudio@, henning@
2015-02-06better handle .In .Sh .Ss .St .Xr without argumentsIngo Schwarze
2015-02-06tweak wording, using feedback from sthen@ and jmc@; ok phessler@Ingo Schwarze
2015-02-06Add syslogd tests for dropped messages.Alexander Bluhm
2015-02-06To get reliable TCP and TLS logging, report when messages get lost.Alexander Bluhm
If the log server refuses to receive messages and the buffer gets full, count the dropped messages. Log the counter when the server accepts messages again. If there are messages in the buffer when a signal is received, count and log them. tested sthen@; OK henning@
2015-02-05Use sizeof(struct X) rather than sizeof(*p) in calloc() invocations.Kenneth R Westerback
History indicates this is slightly less error prone. Inconsistant usage pointed out by Benjamin Baier.