Re: fingerd bug isn't

2014-11-20 Thread Stuart Henderson 
On 2014/11/19 22:32, Ted Unangst wrote:
 I don't think this qualifies as a bug. Using the wrong client is user
 error. fingerd should not be responsible for filtering anything you
 shouldn't send it.

That makes much more sense than adding the same text to smtpd, httpd, bgpd, 
etc. :-)
OK.

64-bit PCI bridge support: testers needed

2014-11-20 Thread Mark Kettenis 
Hi All,

dlg@ managed to get access to a machine that actually uses 64-bit PCI
addresses behind a bridge.  This triggered some bugs in the so far
untested code.  Quelle suprprise!

I'd appreciate it if some people can verify that this doesn't break
other systems.  In particular I'm looking for testers on server-type
machines, both i386 and amd64.

Thanks,

Mark


Index: pci.c
===
RCS file: /cvs/src/sys/dev/pci/pci.c,v
retrieving revision 1.106
diff -u -p -r1.106 pci.c
--- pci.c   26 Oct 2014 16:18:42 -  1.106
+++ pci.c   20 Nov 2014 09:04:51 -
@@ -936,6 +936,12 @@ pci_reserve_resources(struct pci_attach_
blr = pci_conf_read(pc, tag, PPB_REG_PREFMEM);
base = (blr  0xfff0)  16;
limit = (blr  0xfff0) | 0x000f;
+#ifdef __LP64__
+   blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFBASE_HI32);
+   base |= ((uint64_t)blr)  32;
+   blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFLIM_HI32);
+   limit |= ((uint64_t)blr)  32;
+#endif
if (limit  base)
size = (limit - base + 1);
else
Index: ppb.c
===
RCS file: /cvs/src/sys/dev/pci/ppb.c,v
retrieving revision 1.59
diff -u -p -r1.59 ppb.c
--- ppb.c   15 Sep 2014 14:22:07 -  1.59
+++ ppb.c   20 Nov 2014 09:04:51 -
@@ -261,7 +261,7 @@ ppbattach(struct device *parent, struct 
name = malloc(32, M_DEVBUF, M_NOWAIT);
if (name) {
snprintf(name, 32, %s pcimem, sc-sc_dev.dv_xname);
-   sc-sc_memex = extent_create(name, 0, 0x,
+   sc-sc_memex = extent_create(name, 0, (u_long)-1L,
M_DEVBUF, NULL, 0, EX_NOWAIT | EX_FILLED);
extent_free(sc-sc_memex, sc-sc_membase,
sc-sc_memlimit - sc-sc_membase + 1,
@@ -273,7 +273,7 @@ ppbattach(struct device *parent, struct 
blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFMEM);
sc-sc_pmembase = (blr  0xfff0)  16;
sc-sc_pmemlimit = (blr  0xfff0) | 0x000f;
-#ifdef __LP64__/* XXX because extents use long... */
+#ifdef __LP64__
blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFBASE_HI32);
sc-sc_pmembase |= ((uint64_t)blr)  32;
blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFLIM_HI32);

Re: patch: tedu sccs support

2014-11-20 Thread Tobias Stoeckmann 
On Wed, Nov 19, 2014 at 10:02:33PM -0500, Ted Unangst wrote:
 Are we still tracking upstream patch in any way? I think we've
 diverged in a few places, but there still is an upstream, yes?

I don't think so.  Looking at the past, the first version was written
by Larry Wall who licensed it to FSF in GPL and to BSD in, well, BSD
license.

The README's commit states: patch(1) is now free, thanks Larry!

Which means that there are at least two license-incompatible versions,
the GNU patch and the BSD patch.  As we can't use the former, let's look
at the latter:

FreeBSD stays in sync with our implementation.
DragonflyBSD stays in sync with FreeBSD.
NetBSD stays in sync with DragonflyBSD/FreeBSD.

So, if there is any form of upstream among the larger BSDs, it's our
implementation.

GNU patch and our patch are kinda sibblings, yet GNU patch has more
features than our patch has.  The patches I've sent lately mostly apply
to our patch only, but there are also bugs that hit the GNU patch
version (and some that are exclusive to GNU patch, like using off_t for
indexing memory).

I've sent one larger diff to GNU patch and got asked if I would want
to sign a contributor agreement, but no... I'm not interested in that.
So before I send these common bug fixes to them, I would like to have
them published in our patch, first.  So they are clearly licensed in
our terms and there is no further discussion about it.

So whoever reads this:  Reviewing my diffs would help me to make faster
progress.  Will have quite some time for patch development this week
and next one, so the amount of diffs will be very likely higher than
reviewing can happen.  But every small review helps. :)


Tobias

mandoc.db(5) names.bits

2014-11-20 Thread Ingo Schwarze 
Hi Jason,

Jason McIntyre wrote on Thu, Nov 20, 2014 at 06:34:45AM -0700:

 CVSROOT:  /cvs
 Module name:  src
 Changes by:   j...@cvs.openbsd.org2014/11/20 06:34:45
 
 Modified files:
   lib/libevent   : Makefile 
 
 Log message:
 put MLINKS in the order they appear in the man page,
 so i don;t go blind trying to check what's missing;

No objection whatsoever, keeping the Makefiles clean is always good.

Just mentioning a different approach in case anybody is interested -
this got more powerful with some of my latest commits and is partly
documented in mandoc.db(5):

 $ cd /usr/src/lib/libevent/
 $ make cleandir
 $ cvs up -dP
 $ make obj
 $ make depend
 $ make
 $ sudo make install
 $ sudo makewhatis /usr/share/man
 $ alias qm='sqlite3 /usr/share/man/mandoc.db'  # query mandoc.db
 $ qm 'select * from names where name=evbuffer_new;'
30|evbuffer_new|878
 $ qm 'select * from names where pageid=878 and bits!=18;' 
30|evbuffer_new|878
 $ qm 'select * from names where name=event;'   
16|event|877
 $ qm 'select * from names where pageid=877 and bits!=18;' 
16|event|877
30|event_init|877

Looks good now.  The bits from /usr/src/usr.bin/mandoc/mansearch.h
in the order of decreasing precedence for the new man(1) are:

  16  file name (only this one is used by the old man(1))
   8  page header line (from the .Dt macro)
   4  first .Nm entry in the NAME section
   2  any .Nm entry in the NAME section
   1  any .Nm entry in the SYNOPSIS section

Right now, .Fo and .Fn in the SYNOPSIS do not yet set bit 1,
but that's on my todo list.

So, consistent values are:

  31  (Christmas tree)  for the primary page name
  19  (= ~(8+4))for secondary page names

Anything else is suspicious.

This already works quite well for mdoc(7) pages.  Regarding man(7)
and cat pages, there are still some items on my todo list.

Yours,
  Ingo

Re: mandoc.db(5) names.bits

2014-11-20 Thread Jason McIntyre 
On Thu, Nov 20, 2014 at 03:51:36PM +0100, Ingo Schwarze wrote:
 Hi Jason,
 
 Jason McIntyre wrote on Thu, Nov 20, 2014 at 06:34:45AM -0700:
 
  CVSROOT:/cvs
  Module name:src
  Changes by: j...@cvs.openbsd.org2014/11/20 06:34:45
  
  Modified files:
  lib/libevent   : Makefile 
  
  Log message:
  put MLINKS in the order they appear in the man page,
  so i don;t go blind trying to check what's missing;
 
 No objection whatsoever, keeping the Makefiles clean is always good.
 
 Just mentioning a different approach in case anybody is interested -
 this got more powerful with some of my latest commits and is partly
 documented in mandoc.db(5):
 
  $ cd /usr/src/lib/libevent/
  $ make cleandir
  $ cvs up -dP
  $ make obj
  $ make depend
  $ make
  $ sudo make install
  $ sudo makewhatis /usr/share/man
  $ alias qm='sqlite3 /usr/share/man/mandoc.db'  # query mandoc.db
  $ qm 'select * from names where name=evbuffer_new;'
 30|evbuffer_new|878
  $ qm 'select * from names where pageid=878 and bits!=18;' 
 30|evbuffer_new|878
  $ qm 'select * from names where name=event;'   
 16|event|877
  $ qm 'select * from names where pageid=877 and bits!=18;' 
 16|event|877
 30|event_init|877
 
 Looks good now.  The bits from /usr/src/usr.bin/mandoc/mansearch.h
 in the order of decreasing precedence for the new man(1) are:
 
   16  file name (only this one is used by the old man(1))
8  page header line (from the .Dt macro)
4  first .Nm entry in the NAME section
2  any .Nm entry in the NAME section
1  any .Nm entry in the SYNOPSIS section
 
 Right now, .Fo and .Fn in the SYNOPSIS do not yet set bit 1,
 but that's on my todo list.
 
 So, consistent values are:
 
   31  (Christmas tree)  for the primary page name
   19  (= ~(8+4))for secondary page names
 
 Anything else is suspicious.
 
 This already works quite well for mdoc(7) pages.  Regarding man(7)
 and cat pages, there are still some items on my todo list.
 
 Yours,
   Ingo
 

better still, you had a diff that made MLINKS redundant. that's
what i want.

jmc

Re: LibreSSL: GOWindows support

2014-11-20 Thread Brent Cook 
On Tue, Nov 11, 2014 at 8:41 AM, Brent Cook bust...@gmail.com wrote:
 I gave the openbsd src patches a spin last night. I wonder if there's
 a way we could instead coerce mingw into pretending to be more POSIX
 by way of header tricks in the portable tree:

Hi Dongsheng,

Thanks for doing the initial test port work and posting your fork. I
gave the concept of 'coerce win32 support via stupid header tricks' a
spin, and the result of that is here:

https://github.com/busterb/portable/commits/win32-minimal

This basically intercepts all of the BSD headers unavailable in Win32,
doing the bulk of the required fixups passively through preprocessor
abuse. Note the fun 'posix_close', for instance. I'm almost sure this
has bugs, but tossing up as perhaps an example of Cunningham's law.

While this whole thing feels a little wrong, software on Windows that
uses 'int' interchangeably with SOCKET already sort of dooms it by
design, especially on Win64. Hopefully nobody is seriously using BIO's
builtin socket functions in the first place (they were already pretty
lame on POSIX systems).

The minimal pile of upstream portability changes that this needed to
work are below, and there are not a lot. I am not sure if
'ui_openssl.c' takes the cake as the most out-of-place thing to find
in a crypto library. I also wonder what software would break if it
were moved into openssl(1) directly:

https://github.com/busterb/openbsd/commits/win32-minimal

The result passes 39/40 unit tests so far - still gotta look at pq_test.

I took the poll.c from your fork and built it into openssl(1) only.
However, asprintf worked without any extra effort thanks to recent
mingw having a native version available (though I should probably look
at how that is actually implemented). The idea of needing 2 different
asprintf shims seems rather depressing. I didn't actually incorporate
the syslog compat functions, and am debating if these should really
just be no-op shims for Win32 - again, if someone is using these on
Windows, they are not using event log properly, and will get some
pretty ugly-looking logs.

I tested and built on Ubuntu 14.04 with wine and the mingw-w64
package, using this config line:

CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32

Comments?

 - Brent

[PATCH]rcs: write usage function pointer always the same way

2014-11-20 Thread Fritjof Bornebusch 
Hi tech,

I think it's more readable if the usage() function pointer will always be
written the same way.

fritjof


Index: rlog.c
===
RCS file: /cvs/src/usr.bin/rcs/rlog.c,v
retrieving revision 1.69
diff -u -p -r1.69 rlog.c
--- rlog.c  10 Oct 2014 08:15:25 -  1.69
+++ rlog.c  20 Nov 2014 15:54:28 -
@@ -136,7 +136,7 @@ rlog_main(int argc, char **argv)
timezone_flag = rcs_optarg;
break;
default:
-   (usage());
+   (usage)();
}
}
 


pgpnNScZfk7ra.pgp
Description: PGP signature

Re: mandoc.db(5) names.bits

2014-11-20 Thread Ingo Schwarze 
Hi Jason,

Jason McIntyre wrote on Thu, Nov 20, 2014 at 03:00:49PM +0001:

 better still, you had a diff that made MLINKS redundant.
 that's what i want.

Jajaja!  :-)

But before i can put that in, i want to check off the list of
things that i already know might go wrong.  I don't want people
ending up with not getting shown the pages they request, or
being shown pages they don't request.  Once the old man(1) is
gone, that would really be inconvenient.  After my list becomes
empty, we still need a public testing phase, and not too close
to release.  So i think it won't make 5.7.

What i have shown here is part of the way to get there, though.

Yours,
  Ingo

Status on porting Rust to OpenBSD

2014-11-20 Thread Dave Huseby 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi everybody,

In my free time over the last few weeks I have been attempting to
cross-compile the rust compiler using the same method that was used to
add support for Dragonfly BSD.  I started with the scripts from the
Dragonfly effort and fixed them up to work with OpenBSD and Linux.
All of my code and documentation is here:

https://github.com/dhuseby/rust-cross-openbsd

Currently, I'm stuck on stage 3.  The part where all of the object
files from both OpenBSD and Linux need to be linked together into an
OpenBSD executable.  I'm pretty certain the reason stage 3 doesn't
complete is because of the old linker on OpenBSD.  At the bottom of
the README.md file I discuss some options on what to try next.  I have
also included build logs of all stages so that other people can see
the output without jumping through all of the hoops I did.

My options at this point are this:

1. Use the same version compiler/assembler/linker on Linux and OpenBSD
so that the object files will be more compatible.  Hopefully this will
allow stage 3 to finish linking.

2. Apply my OpenBSD target patches to Rust and build a Linux rust
compiler that knows how to target OpenBSD.  Then I use Linux emulation
on OpenBSD to run it to compile itself from scratch.

3. Figure out a way to get a newer linker working on OpenBSD.

Thoughts?  I'm looking for feedback.  Are my assumptions and ideas
right for why stage 3 doesn't successfully link?  Any other ideas on
what I can try?

- --dave
-BEGIN PGP SIGNATURE-

iF4EAREIAAYFAlRtZBMACgkQvt/JvmUQuOkWZgD+PWr5ZmE6ypdQQuLgo1eHddGl
e0LUUJi8CyvYpyNqUEMA/1EJCC6Z6mCeM11oGKhHxLdChv3qVjKg/6jXAoEIPynh
=GD3X
-END PGP SIGNATURE-


0x6510B8E9.asc
Description: application/pgp-keys


0x6510B8E9.asc.sig
Description: PGP signature

Re: fts: optimize by using fstatat instead of lstat

2014-11-20 Thread Todd C. Miller 
On Wed, 19 Nov 2014 20:30:04 -0800, Philip Guenther wrote:

 Committed, which leads to the next diff: use O_CLOEXEC on all internal 
 fds, O_DIRECTORY when opening a directory other than ., and drop the 3rd 
 argument to open() as unnecessary when O_CREAT isn't used.

Looks good to me.  OK millert@

 - todd

Re: Status on porting Rust to OpenBSD

2014-11-20 Thread Ted Unangst 
On Wed, Nov 19, 2014 at 19:46, Dave Huseby wrote:

 3. Figure out a way to get a newer linker working on OpenBSD.

binutils-2.17 is in the src tree at gnu/usr.bin/binutils-2.17.

It's not enabled because it doesn't always work right, but at one
point there was a plan to switch to it precisely because newer
projects need it. You can try using that, but getting it to coexist
with the regular binutils may be difficult.

Re: Status on porting Rust to OpenBSD

2014-11-20 Thread Landry Breuil 
On Wed, Nov 19, 2014 at 07:46:27PM -0800, Dave Huseby wrote:
 Hi everybody,
 
 In my free time over the last few weeks I have been attempting to
 cross-compile the rust compiler using the same method that was used to
 add support for Dragonfly BSD.  I started with the scripts from the
 Dragonfly effort and fixed them up to work with OpenBSD and Linux.
 All of my code and documentation is here:
 
 https://github.com/dhuseby/rust-cross-openbsd
 
 Currently, I'm stuck on stage 3.  The part where all of the object
 files from both OpenBSD and Linux need to be linked together into an
 OpenBSD executable.  I'm pretty certain the reason stage 3 doesn't
 complete is because of the old linker on OpenBSD.  At the bottom of
 the README.md file I discuss some options on what to try next.  I have
 also included build logs of all stages so that other people can see
 the output without jumping through all of the hoops I did.
 
 My options at this point are this:
 
 1. Use the same version compiler/assembler/linker on Linux and OpenBSD
 so that the object files will be more compatible.  Hopefully this will
 allow stage 3 to finish linking.
 
 2. Apply my OpenBSD target patches to Rust and build a Linux rust
 compiler that knows how to target OpenBSD.  Then I use Linux emulation
 on OpenBSD to run it to compile itself from scratch.

Linux emul only works on OpenBSD/i386 iirc..

Did you try communicating with the dfly developer to exchange ideas on
the issues you encounter, and the upstream developers ?

Anyway, your effort is appreciated. I'll port servo on top as soon as
rust is working :)

Landry


pgpj96M1eCILW.pgp
Description: PGP signature

Re: fingerd bug isn't

2014-11-20 Thread Todd C. Miller 
On Wed, 19 Nov 2014 22:32:59 -0500, Ted Unangst wrote:

 I don't think this qualifies as a bug. Using the wrong client is user
 error. fingerd should not be responsible for filtering anything you
 shouldn't send it.

OK millert@ (who wonders how many people even know what a TIP is these days)

 - todd

Re: vi: global state cleanup

2014-11-20 Thread Martin Natano 
On Wed, Nov 12, 2014 at 07:34:28PM +0100, Martin Natano wrote:
 The 'struct _gs' type (aka. GS) contains pointers to screen interface
 functions, which are set by cl_func_std(), but this mechanism isn't
 necessary anymore, because the other frontends (tk, motif, ipc) have
 been removed. The only remaining frontend is curses and can be used
 directly. The only exception is the scr_msg function pointer, which is
 used by the perl api (disabled by default) and thus must remain in GS.
 
 Also, the tcl_interp, ip_private and tk_private fields are unused and
 can be removed.

Below is an updated version of the patch, which applies cleanly to vi as
it is in CVS now. I killed scr_msg, because the last user (the perl api)
is now gone.

This diff is mostly a mechanical change from scr_* to cl_* (or vs_* in
the cases of scr_busy and scr_msg). The benefit is, that the global
state is used less, and the code should be more readable, as less
indirections are involved when a function is called. Does anyone want
to commit that?

 See the diff below.
 
 cheers,
 natano


Index: cl/cl_funcs.c
===
RCS file: /cvs/src/usr.bin/vi/cl/cl_funcs.c,v
retrieving revision 1.17
diff -u -r1.17 cl_funcs.c
--- cl/cl_funcs.c   12 Nov 2014 16:29:04 -  1.17
+++ cl/cl_funcs.c   20 Nov 2014 20:36:40 -
@@ -466,14 +466,12 @@
 int
 cl_rename(SCR *sp, char *name, int on)
 {
-   GS *gp;
CL_PRIVATE *clp;
char *ttype;
 
-   gp = sp-gp;
clp = CLP(sp);
 
-   ttype = OG_STR(gp, GO_TERM);
+   ttype = OG_STR(sp-gp, GO_TERM);
 
/*
 * XXX
Index: cl/cl_main.c
===
RCS file: /cvs/src/usr.bin/vi/cl/cl_main.c,v
retrieving revision 1.25
diff -u -r1.25 cl_main.c
--- cl/cl_main.c19 Nov 2014 03:42:40 -  1.25
+++ cl/cl_main.c20 Nov 2014 20:36:40 -
@@ -33,7 +33,6 @@
 GS *__global_list; /* GLOBAL: List of screens. */
 sigset_t __sigblockset;/* GLOBAL: Blocked 
signals. */
 
-static void   cl_func_std(GS *);
 static CL_PRIVATE *cl_init(GS *);
 static GS*gs_init(char *);
 static void   perr(char *, char *);
@@ -202,9 +201,6 @@
(void)close(fd);
}
 
-   /* Initialize the list of curses functions. */
-   cl_func_std(gp);
-
return (clp);
 }
 
@@ -351,36 +347,6 @@
(void)sigaction(SIGINT, NULL, clp-oact[INDX_INT]);
(void)sigaction(SIGTERM, NULL, clp-oact[INDX_TERM]);
(void)sigaction(SIGWINCH, NULL, clp-oact[INDX_WINCH]);
-}
-
-/*
- * cl_func_std --
- * Initialize the standard curses functions.
- */
-static void
-cl_func_std(GS *gp)
-{
-   gp-scr_addstr = cl_addstr;
-   gp-scr_attr = cl_attr;
-   gp-scr_baud = cl_baud;
-   gp-scr_bell = cl_bell;
-   gp-scr_busy = NULL;
-   gp-scr_clrtoeol = cl_clrtoeol;
-   gp-scr_cursor = cl_cursor;
-   gp-scr_deleteln = cl_deleteln;
-   gp-scr_event = cl_event;
-   gp-scr_ex_adjust = cl_ex_adjust;
-   gp-scr_fmap = cl_fmap;
-   gp-scr_insertln = cl_insertln;
-   gp-scr_keyval = cl_keyval;
-   gp-scr_move = cl_move;
-   gp-scr_msg = NULL;
-   gp-scr_optchange = cl_optchange;
-   gp-scr_refresh = cl_refresh;
-   gp-scr_rename = cl_rename;
-   gp-scr_screen = cl_screen;
-   gp-scr_suspend = cl_suspend;
-   gp-scr_usage = cl_usage;
 }
 
 /*
Index: cl/cl_read.c
===
RCS file: /cvs/src/usr.bin/vi/cl/cl_read.c,v
retrieving revision 1.19
diff -u -r1.19 cl_read.c
--- cl/cl_read.c12 Nov 2014 04:28:41 -  1.19
+++ cl/cl_read.c20 Nov 2014 20:36:40 -
@@ -128,12 +128,10 @@
 {
struct termios term1, term2;
CL_PRIVATE *clp;
-   GS *gp;
struct pollfd pfd[1];
input_t rval;
int nr, term_reset, timeout;
 
-   gp = sp-gp;
clp = CLP(sp);
term_reset = 0;
 
@@ -205,7 +203,7 @@
 * It's ugly that we wait on scripting file descriptors here, but it's
 * the only way to keep from locking out scripting windows.
 */
-   if (F_ISSET(gp, G_SCRWIN)) {
+   if (F_ISSET(sp-gp, G_SCRWIN)) {
if (sscr_check_input(sp))
goto err;
}
Index: common/gs.h
===
RCS file: /cvs/src/usr.bin/vi/common/gs.h,v
retrieving revision 1.13
diff -u -r1.13 gs.h
--- common/gs.h 20 Nov 2014 08:50:53 -  1.13
+++ common/gs.h 20 Nov 2014 20:36:40 -
@@ -40,13 +40,13 @@
u_int16_t flags;
 };
 
-/* Action arguments to scr_exadjust(). */
+/* Action arguments to cl_ex_adjust(). */
 typedef enum { EX_TERM_CE, EX_TERM_SCROLL } exadj_t;
 
-/* Screen attribute arguments to scr_attr(). */
+/* Screen attribute arguments to cl_attr(). */
 typedef enum {

httpd errata

2014-11-20 Thread Ted Unangst 
[on behalf of reyk]

Many people want to test the new httpd in OpenBSD 5.6; so we decided
to provide various improvements from -current for 5.6.
See the description below for more details.


untrusted comment: signature from openbsd 5.6 base private key
RWR0EANmo9nqhn3Gnfk2/2x+xII6do92zreKp/t5zOwfkVgsQAI4ZCPkWAazbbnWNV7Ptkle876f/kb6C2KuvnTqvwUItsyvogA=

OpenBSD 5.6 errata 9, Nov 18, 2014:  httpd was developed very rapidly
in the weeks before 5.6 release, and it has a few flaws.  It would be
nice to get these flaws fully remediated before the next release, and
that requires the community to want to use it.  Therefore here is a
jumbo patch that brings in the most important fixes.

Apply patch using:

signify -Vep /etc/signify/openbsd-56-base.pub -x 009_httpd.patch.sig \
-m - | (cd /usr/src  patch -p0)

Then build and install httpd:

cd /usr/src/usr.sbin/httpd
make obj
make
make install

Index: usr.sbin/httpd/config.c
===
RCS file: /cvs/src/usr.sbin/httpd/config.c,v
retrieving revision 1.21
diff -u -p -r1.21 config.c
--- usr.sbin/httpd/config.c 6 Aug 2014 18:21:14 -   1.21
+++ usr.sbin/httpd/config.c 18 Nov 2014 15:02:54 -
@@ -223,7 +223,7 @@ config_getserver_config(struct httpd *en
 #ifdef DEBUG
struct privsep  *ps = env-sc_ps;
 #endif
-   struct server_config*srv_conf;
+   struct server_config*srv_conf, *parent;
u_int8_t*p = imsg-data;
u_intf;
 
@@ -233,18 +233,28 @@ config_getserver_config(struct httpd *en
IMSG_SIZE_CHECK(imsg, srv_conf);
memcpy(srv_conf, p, sizeof(*srv_conf));
 
+   /* Reset these variables to avoid free'ing invalid pointers */
+   serverconfig_reset(srv_conf);
+
+   TAILQ_FOREACH(parent, srv-srv_hosts, entry) {
+   if (strcmp(parent-name, srv_conf-name) == 0)
+   break;
+   }
+   if (parent == NULL)
+   parent = srv-srv_conf;
+
if (srv_conf-flags  SRVFLAG_LOCATION) {
/* Inherit configuration from the parent */
f = SRVFLAG_INDEX|SRVFLAG_NO_INDEX;
if ((srv_conf-flags  f) == 0) {
-   srv_conf-flags |= srv-srv_conf.flags  f;
-   (void)strlcpy(srv_conf-index, srv-srv_conf.index,
+   srv_conf-flags |= parent-flags  f;
+   (void)strlcpy(srv_conf-index, parent-index,
sizeof(srv_conf-index));
}
 
f = SRVFLAG_AUTO_INDEX|SRVFLAG_NO_AUTO_INDEX;
if ((srv_conf-flags  f) == 0)
-   srv_conf-flags |= srv-srv_conf.flags  f;
+   srv_conf-flags |= parent-flags  f;
 
f = SRVFLAG_SOCKET|SRVFLAG_FCGI;
if ((srv_conf-flags  f) == SRVFLAG_FCGI) {
@@ -255,48 +265,48 @@ config_getserver_config(struct httpd *en
 
f = SRVFLAG_ROOT;
if ((srv_conf-flags  f) == 0) {
-   srv_conf-flags |= srv-srv_conf.flags  f;
-   (void)strlcpy(srv_conf-root, srv-srv_conf.root,
+   srv_conf-flags |= parent-flags  f;
+   (void)strlcpy(srv_conf-root, parent-root,
sizeof(srv_conf-root));
}
 
f = SRVFLAG_FCGI|SRVFLAG_NO_FCGI;
if ((srv_conf-flags  f) == 0)
-   srv_conf-flags |= srv-srv_conf.flags  f;
+   srv_conf-flags |= parent-flags  f;
 
f = SRVFLAG_LOG|SRVFLAG_NO_LOG;
if ((srv_conf-flags  f) == 0) {
-   srv_conf-flags |= srv-srv_conf.flags  f;
-   srv_conf-logformat = srv-srv_conf.logformat;
+   srv_conf-flags |= parent-flags  f;
+   srv_conf-logformat = parent-logformat;
}
 
f = SRVFLAG_SYSLOG|SRVFLAG_NO_SYSLOG;
if ((srv_conf-flags  f) == 0)
-   srv_conf-flags |= srv-srv_conf.flags  f;
+   srv_conf-flags |= parent-flags  f;
 
f = SRVFLAG_SSL;
-   srv_conf-flags |= srv-srv_conf.flags  f;
+   srv_conf-flags |= parent-flags  f;
 
f = SRVFLAG_ACCESS_LOG;
if ((srv_conf-flags  f) == 0) {
-   srv_conf-flags |= srv-srv_conf.flags  f;
+   srv_conf-flags |= parent-flags  f;
(void)strlcpy(srv_conf-accesslog,
-   srv-srv_conf.accesslog,
+   parent-accesslog,
sizeof(srv_conf-accesslog));
}
 
f = SRVFLAG_ERROR_LOG;
if ((srv_conf-flags  f) == 0) {
-   srv_conf-flags |= srv-srv_conf.flags  f;
+

Re: httpd errata

2014-11-20 Thread Jeremiah Ford 
This just made my day.

-Original Message-
From: Ted Unangst t...@tedunangst.com
Sent: ‎11/‎20/‎2014 6:26 PM
To: tech@openbsd.org tech@openbsd.org
Subject: httpd errata

[on behalf of reyk]

Many people want to test the new httpd in OpenBSD 5.6; so we decided
to provide various improvements from -current for 5.6.
See the description below for more details.


untrusted comment: signature from openbsd 5.6 base private key
RWR0EANmo9nqhn3Gnfk2/2x+xII6do92zreKp/t5zOwfkVgsQAI4ZCPkWAazbbnWNV7Ptkle876f/kb6C2KuvnTqvwUItsyvogA=

OpenBSD 5.6 errata 9, Nov 18, 2014:  httpd was developed very rapidly
in the weeks before 5.6 release, and it has a few flaws.  It would be
nice to get these flaws fully remediated before the next release, and
that requires the community to want to use it.  Therefore here is a
jumbo patch that brings in the most important fixes.

Apply patch using:

signify -Vep /etc/signify/openbsd-56-base.pub -x 009_httpd.patch.sig \
-m - | (cd /usr/src  patch -p0)

Then build and install httpd:

cd /usr/src/usr.sbin/httpd
make obj
make
make install

Index: usr.sbin/httpd/config.c
===
RCS file: /cvs/src/usr.sbin/httpd/config.c,v
retrieving revision 1.21
diff -u -p -r1.21 config.c
--- usr.sbin/httpd/config.c 6 Aug 2014 18:21:14 -   1.21
+++ usr.sbin/httpd/config.c 18 Nov 2014 15:02:54 -
@@ -223,7 +223,7 @@ config_getserver_config(struct httpd *en
 #ifdef DEBUG
struct privsep  *ps = env-sc_ps;
 #endif
-   struct server_config*srv_conf;
+   struct server_config*srv_conf, *parent;
u_int8_t*p = imsg-data;
u_intf;
 
@@ -233,18 +233,28 @@ config_getserver_config(struct httpd *en
IMSG_SIZE_CHECK(imsg, srv_conf);
memcpy(srv_conf, p, sizeof(*srv_conf));
 
+   /* Reset these variables to avoid free'ing invalid pointers */
+   serverconfig_reset(srv_conf);
+
+   TAILQ_FOREACH(parent, srv-srv_hosts, entry) {
+   if (strcmp(parent-name, srv_conf-name) == 0)
+   break;
+   }
+   if (parent == NULL)
+   parent = srv-srv_conf;
+
if (srv_conf-flags  SRVFLAG_LOCATION) {
/* Inherit configuration from the parent */
f = SRVFLAG_INDEX|SRVFLAG_NO_INDEX;
if ((srv_conf-flags  f) == 0) {
-   srv_conf-flags |= srv-srv_conf.flags  f;
-   (void)strlcpy(srv_conf-index, srv-srv_conf.index,
+   srv_conf-flags |= parent-flags  f;
+   (void)strlcpy(srv_conf-index, parent-index,
sizeof(srv_conf-index));
}
 
f = SRVFLAG_AUTO_INDEX|SRVFLAG_NO_AUTO_INDEX;
if ((srv_conf-flags  f) == 0)
-   srv_conf-flags |= srv-srv_conf.flags  f;
+   srv_conf-flags |= parent-flags  f;
 
f = SRVFLAG_SOCKET|SRVFLAG_FCGI;
if ((srv_conf-flags  f) == SRVFLAG_FCGI) {
@@ -255,48 +265,48 @@ config_getserver_config(struct httpd *en
 
f = SRVFLAG_ROOT;
if ((srv_conf-flags  f) == 0) {
-   srv_conf-flags |= srv-srv_conf.flags  f;
-   (void)strlcpy(srv_conf-root, srv-srv_conf.root,
+   srv_conf-flags |= parent-flags  f;
+   (void)strlcpy(srv_conf-root, parent-root,
sizeof(srv_conf-root));
}
 
f = SRVFLAG_FCGI|SRVFLAG_NO_FCGI;
if ((srv_conf-flags  f) == 0)
-   srv_conf-flags |= srv-srv_conf.flags  f;
+   srv_conf-flags |= parent-flags  f;
 
f = SRVFLAG_LOG|SRVFLAG_NO_LOG;
if ((srv_conf-flags  f) == 0) {
-   srv_conf-flags |= srv-srv_conf.flags  f;
-   srv_conf-logformat = srv-srv_conf.logformat;
+   srv_conf-flags |= parent-flags  f;
+   srv_conf-logformat = parent-logformat;
}
 
f = SRVFLAG_SYSLOG|SRVFLAG_NO_SYSLOG;
if ((srv_conf-flags  f) == 0)
-   srv_conf-flags |= srv-srv_conf.flags  f;
+   srv_conf-flags |= parent-flags  f;
 
f = SRVFLAG_SSL;
-   srv_conf-flags |= srv-srv_conf.flags  f;
+   srv_conf-flags |= parent-flags  f;
 
f = SRVFLAG_ACCESS_LOG;
if ((srv_conf-flags  f) == 0) {
-   srv_conf-flags |= srv-srv_conf.flags  f;
+   srv_conf-flags |= parent-flags  f;
(void)strlcpy(srv_conf-accesslog,
-   srv-srv_conf.accesslog,
+   parent-accesslog,
sizeof(srv_conf-accesslog));

crypt_newhash

2014-11-20 Thread Jonas 'Sortie' Termansen 
Hi,

The flak blog just had an interesting post about why the old crypt() interface
should be replaced, and on the new crypt_newhash() and crypt_checkpass() that
were added to OpenBSD. I would like to see this API become portable and perhaps
standardized, but crypt_newhash is currently tied to login_cap_t, which is not a
portable abstraction. The current synopsis is:

#include login_cap.h
int crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t 
hashlen);

The purpose of the lc parameter is to determine which algorithm to use: The
implementation merely does a login_getcapstr(lc, localcipher, NULL, NULL) call
to convert that into a string telling what algorithm to use. If lc is NULL, then
it defaults to a reasonable algorithm.

It would be superior to move the login_getcapstr call to the caller and instead
have a string parameter. This removes the association with login_cap and it can
be moved to unistd.h or pwd.h alongside the other functions. It also becomes
more like crypt (where various algorithms can be requested) and thus more
reusable in other situations than local-user authentication (like a web-server).

Jonas

Re: crypt_newhash

2014-11-20 Thread Ted Unangst 
On Thu, Nov 20, 2014 at 19:29, Jonas 'Sortie' Termansen wrote:
 Hi,
 
 The flak blog just had an interesting post about why the old crypt()
 interface
 should be replaced, and on the new crypt_newhash() and crypt_checkpass() that
 were added to OpenBSD. I would like to see this API become portable and
 perhaps
 standardized, but crypt_newhash is currently tied to login_cap_t, which is
 not a
 portable abstraction. The current synopsis is:
 
 #include login_cap.h
 int crypt_newhash(const char *pass, login_cap_t *lc, char *hash, size_t
 hashlen);
 
 The purpose of the lc parameter is to determine which algorithm to use: The
 implementation merely does a login_getcapstr(lc, localcipher, NULL,
 NULL) call
 to convert that into a string telling what algorithm to use. If lc is
 NULL, then
 it defaults to a reasonable algorithm.
 
 It would be superior to move the login_getcapstr call to the caller and
 instead
 have a string parameter. This removes the association with login_cap and
 it can
 be moved to unistd.h or pwd.h alongside the other functions. It also
 becomes
 more like crypt (where various algorithms can be requested) and thus more
 reusable in other situations than local-user authentication (like a
 web-server).

Yes. Deciding which level of abstraction to incorporate was part of
the fun.

The factors in favor of login_cap is that the getcapstr code is
basically boilerplate that all OpenBSD callers are going to duplicate.
The various passwd/user/encrypt programs all have access to login cap.

You have some good points that the interface could be changed
to be more accomodating to other users. The bcrypt extension functions
are standalone precisely for that reason, so that the code could be
packaged and reused by anybody. The crypt_newhash function felt more
like a system interface, particular to OpenBSD, but it is not
strictly necessary for that to be the case. Parity with checkpass
would be a bonus.

So far only passwd uses the new function; it is still easy for me to
change the interface. (The only constraint being that I need to
coordinate library changes with other developments so it may not be an
immediate change.)

Re: 64-bit PCI bridge support: testers needed

2014-11-20 Thread David Gwynne 
working on a 2950. will put try it on a r710 soon.

dlg

 On 20 Nov 2014, at 19:10, Mark Kettenis mark.kette...@xs4all.nl wrote:
 
 Hi All,
 
 dlg@ managed to get access to a machine that actually uses 64-bit PCI
 addresses behind a bridge.  This triggered some bugs in the so far
 untested code.  Quelle suprprise!
 
 I'd appreciate it if some people can verify that this doesn't break
 other systems.  In particular I'm looking for testers on server-type
 machines, both i386 and amd64.
 
 Thanks,
 
 Mark
 
 
 Index: pci.c
 ===
 RCS file: /cvs/src/sys/dev/pci/pci.c,v
 retrieving revision 1.106
 diff -u -p -r1.106 pci.c
 --- pci.c 26 Oct 2014 16:18:42 -  1.106
 +++ pci.c 20 Nov 2014 09:04:51 -
 @@ -936,6 +936,12 @@ pci_reserve_resources(struct pci_attach_
   blr = pci_conf_read(pc, tag, PPB_REG_PREFMEM);
   base = (blr  0xfff0)  16;
   limit = (blr  0xfff0) | 0x000f;
 +#ifdef __LP64__
 + blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFBASE_HI32);
 + base |= ((uint64_t)blr)  32;
 + blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFLIM_HI32);
 + limit |= ((uint64_t)blr)  32;
 +#endif
   if (limit  base)
   size = (limit - base + 1);
   else
 Index: ppb.c
 ===
 RCS file: /cvs/src/sys/dev/pci/ppb.c,v
 retrieving revision 1.59
 diff -u -p -r1.59 ppb.c
 --- ppb.c 15 Sep 2014 14:22:07 -  1.59
 +++ ppb.c 20 Nov 2014 09:04:51 -
 @@ -261,7 +261,7 @@ ppbattach(struct device *parent, struct 
   name = malloc(32, M_DEVBUF, M_NOWAIT);
   if (name) {
   snprintf(name, 32, %s pcimem, sc-sc_dev.dv_xname);
 - sc-sc_memex = extent_create(name, 0, 0x,
 + sc-sc_memex = extent_create(name, 0, (u_long)-1L,
   M_DEVBUF, NULL, 0, EX_NOWAIT | EX_FILLED);
   extent_free(sc-sc_memex, sc-sc_membase,
   sc-sc_memlimit - sc-sc_membase + 1,
 @@ -273,7 +273,7 @@ ppbattach(struct device *parent, struct 
   blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFMEM);
   sc-sc_pmembase = (blr  0xfff0)  16;
   sc-sc_pmemlimit = (blr  0xfff0) | 0x000f;
 -#ifdef __LP64__  /* XXX because extents use long... */
 +#ifdef __LP64__
   blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFBASE_HI32);
   sc-sc_pmembase |= ((uint64_t)blr)  32;
   blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFLIM_HI32);

Re: crypt_newhash

2014-11-20 Thread Ted Unangst 
On Thu, Nov 20, 2014 at 20:22, Ted Unangst wrote:

 So far only passwd uses the new function; it is still easy for me to
 change the interface. (The only constraint being that I need to
 coordinate library changes with other developments so it may not be an
 immediate change.)

Sneaking the change in was easier than I thought, and upon further
review, some of the extra login_cap handling was unnecessary for most
callers. Updated to use a string parameter (arguments regarding its
defintion postponed til next week :)). Thanks for the quick feedback.

Re: 64-bit PCI bridge support: testers needed

2014-11-20 Thread David Gwynne 
works on an alpha es45 as well. theo made me do it.

 On 21 Nov 2014, at 13:49, David Gwynne da...@gwynne.id.au wrote:
 
 working on a 2950. will put try it on a r710 soon.
 
 dlg
 
 On 20 Nov 2014, at 19:10, Mark Kettenis mark.kette...@xs4all.nl wrote:
 
 Hi All,
 
 dlg@ managed to get access to a machine that actually uses 64-bit PCI
 addresses behind a bridge.  This triggered some bugs in the so far
 untested code.  Quelle suprprise!
 
 I'd appreciate it if some people can verify that this doesn't break
 other systems.  In particular I'm looking for testers on server-type
 machines, both i386 and amd64.
 
 Thanks,
 
 Mark
 
 
 Index: pci.c
 ===
 RCS file: /cvs/src/sys/dev/pci/pci.c,v
 retrieving revision 1.106
 diff -u -p -r1.106 pci.c
 --- pci.c26 Oct 2014 16:18:42 -  1.106
 +++ pci.c20 Nov 2014 09:04:51 -
 @@ -936,6 +936,12 @@ pci_reserve_resources(struct pci_attach_
  blr = pci_conf_read(pc, tag, PPB_REG_PREFMEM);
  base = (blr  0xfff0)  16;
  limit = (blr  0xfff0) | 0x000f;
 +#ifdef __LP64__
 +blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFBASE_HI32);
 +base |= ((uint64_t)blr)  32;
 +blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFLIM_HI32);
 +limit |= ((uint64_t)blr)  32;
 +#endif
  if (limit  base)
  size = (limit - base + 1);
  else
 Index: ppb.c
 ===
 RCS file: /cvs/src/sys/dev/pci/ppb.c,v
 retrieving revision 1.59
 diff -u -p -r1.59 ppb.c
 --- ppb.c15 Sep 2014 14:22:07 -  1.59
 +++ ppb.c20 Nov 2014 09:04:51 -
 @@ -261,7 +261,7 @@ ppbattach(struct device *parent, struct 
  name = malloc(32, M_DEVBUF, M_NOWAIT);
  if (name) {
  snprintf(name, 32, %s pcimem, sc-sc_dev.dv_xname);
 -sc-sc_memex = extent_create(name, 0, 0x,
 +sc-sc_memex = extent_create(name, 0, (u_long)-1L,
  M_DEVBUF, NULL, 0, EX_NOWAIT | EX_FILLED);
  extent_free(sc-sc_memex, sc-sc_membase,
  sc-sc_memlimit - sc-sc_membase + 1,
 @@ -273,7 +273,7 @@ ppbattach(struct device *parent, struct 
  blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFMEM);
  sc-sc_pmembase = (blr  0xfff0)  16;
  sc-sc_pmemlimit = (blr  0xfff0) | 0x000f;
 -#ifdef __LP64__ /* XXX because extents use long... */
 +#ifdef __LP64__
  blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFBASE_HI32);
  sc-sc_pmembase |= ((uint64_t)blr)  32;
  blr = pci_conf_read(pc, pa-pa_tag, PPB_REG_PREFLIM_HI32);

Re: httpd errata

2014-11-20 Thread patrick keshishian 
Hi,

On Thu, Nov 20, 2014 at 06:24:23PM -0500, Ted Unangst wrote:
 [on behalf of reyk]
 
 Many people want to test the new httpd in OpenBSD 5.6; so we decided
 to provide various improvements from -current for 5.6.
 See the description below for more details.

[...]

 Index: usr.sbin/httpd/httpd.c
 ===
 RCS file: /cvs/src/usr.sbin/httpd/httpd.c,v
 retrieving revision 1.17
 diff -u -p -r1.17 httpd.c
 --- usr.sbin/httpd/httpd.c5 Aug 2014 15:36:59 -   1.17
 +++ usr.sbin/httpd/httpd.c18 Nov 2014 15:02:54 -

[...]

 @@ -623,6 +678,40 @@ socket_rlimit(int maxfd)
   rl.rlim_cur = MAX(rl.rlim_max, (rlim_t)maxfd);
   if (setrlimit(RLIMIT_NOFILE, rl) == -1)
   fatal(socket_rlimit: failed to set resource limit);
 +}
 +
 +char *
 +evbuffer_getline(struct evbuffer *evb)
 +{
 + u_int8_t*ptr = EVBUFFER_DATA(evb);
 + size_t   len = EVBUFFER_LENGTH(evb);
 + char*str;
 + u_inti;
 +
 + /* Safe version of evbuffer_readline() */
 + if ((str = get_string(ptr, len)) == NULL)
 + return (NULL);
 +
 + for (i = 0; str[i] != '\0'; i++) {
 + if (str[i] == '\r' || str[i] == '\n')
 + break;
 + }
 +
 + if (i == len) {
 + free(str);
 + return (NULL);
 + }
 +
 + str[i] = '\0';
 +
 + if ((i + 1)  len) {
 + if (ptr[i] == '\r'  ptr[i + 1] == '\n')
 + i++;
 + }

any concern over 'u_int i' vs 'size_t len' type-mismatch?

--patrick