summaryrefslogtreecommitdiff
path: root/usr.sbin
AgeCommit message (Collapse)Author
2015-08-31The !prog and +host features allow to select log messages from aAlexander Bluhm
specific programm or host. It does not make sense to truncate the string from the config at some character from a list. Just take whatever the user specified as progname or hostname. If it contains funky charactes it will not match and the action is not taken. This fixes matching with IP addresses if syslogd is started with -n. OK semarie@
2015-08-30rename a variable "err" to "error"Theo de Raadt
2015-08-30warnx(3) has an implicit \n at the end.Florian Obser
pointed out by deraadt@
2015-08-28log battery changes every 10%, not every 21.Ted Unangst
ok deraadt jung phessler
2015-08-28Rework the UNIX domain socket garbage collector, including ideas fromPhilip Guenther
{Free,Net}BSD - when a socket is closed with fds in its input, defer closing them to a task to avoid recursing. This eliminates the complicated extra reference taking which had a 37 line(!) comment explanation - move flags, counts, and links only needed for this from struct file to struct unpcb - document the flow of the mark/sweep collector much help from claudio@ who made me explain the GC to him until we trusted it ok claudio@ mpi@ deraadt@
2015-08-28Xr ntpctl; from Rob PierceTheo de Raadt
2015-08-27missing va_end(); OK deraadtGleydson Soares
2015-08-27When syslogd is reloading a modified config, it does a reexec onAlexander Bluhm
itself. For this it uses the original arguments of main(). The function loghost_parse() modifies the optarg memory it is operating on. To prevent that the exec arguments have been tampered, pass a copy of optarg to loghost_parse(). OK deraadt@
2015-08-27Add a boundary check for safety and use snprintf() to construct the IPYASUOKA Masahiko
address strings instead of strl{cpy,cat}(). Also make the function return a valid string even in failure case. input deraadt ok deraadt
2015-08-26fix a use after free in an error path found with aflJonathan Gray
ok yasuoka@
2015-08-25Use ppoll(2) instead of poll(2). This has two benefits. Firstly,Todd C. Miller
we can use struct timespec throughout and avoid any conversion issues which might cause jobs to fire prematurely. Secondly, it eliminates a race condition that could delay us taking action on SIGCHLD and SIGHUP. OK deraadt@ okan@ ratchov@
2015-08-25strlcpy() accesses the source string until it finds NUL, even ifAlexander Bluhm
it is behind the size limit. As msg is not NUL-terminated in this case, it depended on memory content wether syslogd will crash. So using memcpy() and setting the NUL explicitly is the correct way. OK deraadt@
2015-08-25Remove references to the -h command line option which was removed.YASUOKA Masahiko
Also use `return' instead of exit(3) in main(). Patch from Michael Reed ok jmc
2015-08-25Remove -h command line option from radiusd(8) to make it better style.YASUOKA Masahiko
Patch from Michael Reed
2015-08-24cp -> mvAntoine Jacoutot
Put /usr/share/sysmerge under XXX.
2015-08-24Make backup directory of replaced files persistent: /var/sysmerge/backups.Antoine Jacoutot
3 rotations so that we have history of modified files. In batch mode, when a file cannot be handled automatically, remove it from the checksum file so that the next interactive sysmerge(8) run will ask to merge the changes. ok rpe@
2015-08-24/usr/share/sysmerge -> /var/sysmergeAntoine Jacoutot
requested by several discussed with deraadt@
2015-08-23Use simple byte pointer arithmetic and memcpy from/to aligned stackChristian Weisgerber
variables to handle the "packed" binary format passed out to userland when querying the prefix/router list. From NetBSD (Martin Husemann). ok mpi@
2015-08-21Increase the input side socket buffer size for "check icmp" not toYASUOKA Masahiko
drop the reply messages when "check icmp" is used with many hosts. ok reyk benno
2015-08-21Use reallocarray() instead of malloc() before strvisx().Reyk Floeter
Found by deraadt@ OK blambert@
2015-08-21The WebDAV MOVE method was not included in the switch statementReyk Floeter
handling the HTTP methods in server_http.c which resulted in a 405 method not allowed error when trying to use it. Fix by jaminh on github
2015-08-21spacesTheo de Raadt
2015-08-21since stdlib.h is in scope, don't cast.... you know the drill.Theo de Raadt
no sneakiness detected by krw
2015-08-20stdlib.h is in scope; do not cast malloc/calloc/realloc*Theo de Raadt
2015-08-20stdlib.h is in scope; do not cast malloc/calloc/realloc*Theo de Raadt
ok millert krw
2015-08-20Change httpd(8) to use C99-style fixed-width integers (uintN_t insteadReyk Floeter
of u_intN_t) and replace u_int with unsigned int. Mixing both variants is a bad style and most contributors seem to prefer this style; it also helps us to get used to it, portability, and standardization. Theoretically no binary change, except one in practice: httpd.o has a different checksum because gcc with -O2 pads/optimizes "struct privsep" differently when using "unsigned int" instead "u_int" for the affected members. "u_int" is just a typedef of "unsigned int", -O0 doesn't build the difference and clang with -O2 doesn't do it either - it is just another curiosity from gcc-land. OK semarie@
2015-08-20use SOCK_NONBLOCK when making a socket instead of ioctl FIONBIO.David Gwynne
for guenther@
2015-08-20avoid ioctl FIONBIO by passing SOCK_NONBLOCK to the things we getDavid Gwynne
sockets out of. for guenther@
2015-08-20ignore SIGPIPE so we can handle the write(2) failures.David Gwynne
instead of exiting on an unknown write failure, close the client connection on EPIPE from write and warn and close the connection on any other failure. ok jmatthew@
2015-08-19spacingReyk Floeter
2015-08-19ca_hier() und ca_newpass() abort on failure, return void instead of int.Reyk Floeter
Based on previous observation by semarie@
2015-08-19spacingReyk Floeter
2015-08-19fcopy_env() should return void as it aborts on failure.Reyk Floeter
Pointed out by semarie@
2015-08-19add missing prototypeTheo de Raadt
2015-08-19do not cast result from xcalloc(); it is in scopeTheo de Raadt
2015-08-19Use C99 integer types in ikectl(8).Reyk Floeter
OK jsg@
2015-08-19Support for overwriting $ENV:: variables in OpenSSL .cnf files fromReyk Floeter
the environment has been removed in LibreSSL. This was a good step but it unintentionally broke the "ikectl ca" commands. Rework the implementation for copying the .cnf files and expanding the $ENV:: variables ourselves before passing the generated .cnf file to the "openssl" command. Reported and tested by Jona Joachim (thanks!) OK jsg@
2015-08-19Remove XXX.Antoine Jacoutot
2015-08-18Fix inconsistent spelling of `inconsistent'Miod Vallat
2015-08-18str_match() checked the return value of str_find_aux() incorrectly: itReyk Floeter
might return a negative number; the return value of match_error() which returns (-1). This was technically a bug, and it exists in 5.8, but there is no impact because the error is correctly catched with the returned non-NULL error string. Found by Leandro Pereira
2015-08-16use a less ambiguous example; from larry hynesJason McIntyre
2015-08-16when we switch valid_domainpart() from our own logic to using res_hnok() weGilles Chehade
missed the fact that res_hnok() will consider an empty string as valid.
2015-08-15assume messages use 8bit bytes by default, not just when 8BITMIME extensionGilles Chehade
is used, this is what the world expects, this is what other MTA do.
2015-08-15bump size of acceptable headers lines, there is no need to be too strictGilles Chehade
2015-08-15change "priorly" to "previously", it reads betterGilles Chehade
2015-08-15correct mode_t 644 to 0644Sebastien Marie
ok sthen@
2015-08-15corrects three err() to errx() callsSebastien Marie
- a if condition don't set errno - strlcpy(3) don't set errno (no mention is man page) - ca_readpass() already manage errno error message with warn(3) ok sthen@
2015-08-14remove partial to_register from sets when we merge, since we have to do theMarc Espie
work again. Should solve the +REQUIRED_BY problem hopefully.
2015-08-14When checking whether we should scan the sensors again use <= ratherTodd C. Miller
than < for the comparison. Otherwise, if we don't do enough work in the loop to advance the clock (for instance if the network is down) we may end up calling poll() multiple times with no timeout, racking up CPU time for no real reason. OK bcook@
2015-08-13scaffolding that will display more info for the elusive REQUIRED_BY errorMarc Espie